CVE-2022-44789

NameCVE-2022-44789
DescriptionA logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5291-1
Debian Bugs1024769

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mujs (PTS)bullseye1.1.0-1+deb11u3fixed
bullseye (security)1.1.0-1+deb11u2fixed
bookworm1.3.2-1fixed
sid, trixie1.3.3-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mujssourcebullseye1.1.0-1+deb11u2DSA-5291-1
mujssource(unstable)1.3.2-11024769

Notes

https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
Fixed by: https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f (1.3.2)

Search for package or bug name: Reporting problems