Vulnerability CVE-2018-5759


Published: 2018-01-24

Description:
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Artifex MuJS Denial Of Service
Andrea Sindoni
29.01.2018

Type:

CWE-399

(Resource Management Errors)

Vendor: Artifex
Product: MUJS 
Version: 1.0.2;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://git.ghostscript.com/?p=mujs.git;a=commit;h=4d45a96e57fbabf00a7378b337d0ddcace6f38c1
http://www.securityfocus.com/bid/102833
https://bugs.ghostscript.com/show_bug.cgi?id=698868
https://www.exploit-db.com/exploits/43904/

Related CVE
CVE-2019-3839
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside o...
CVE-2019-11413
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.
CVE-2019-11412
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
CVE-2019-11411
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
CVE-2019-3838
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the cons...
CVE-2019-3835
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains i...
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
CVE-2019-6131
svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

Copyright 2019, cxsecurity.com

 

Back to Top