CVE-2022-30974 (https://github.com/ccxvii/mujs/issues/162):
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
Patch: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61

CVE-2022-30975 (https://github.com/ccxvii/mujs/issues/161):
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
Patch:
https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec
https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f
These patches are in 1.3.0 onwards.
Please cleanup
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f6828b989009fecf980c109dc2a5c5349edd6314

commit f6828b989009fecf980c109dc2a5c5349edd6314
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-04 08:04:01 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-04 08:04:23 +0000

    [ GLSA 202405-06 ] mujs: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/833453
    Bug: https://bugs.gentoo.org/845399
    Bug: https://bugs.gentoo.org/882775
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-06.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)