845399 – (CVE-2022-30974, CVE-2022-30975) <dev-lang/mujs-1.3.0: multiple vulnerabilities

Bug 845399 (CVE-2022-30974, CVE-2022-30975) - <dev-lang/mujs-1.3.0: multiple vulnerabilities

Summary: <dev-lang/mujs-1.3.0: multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	CVE-2022-30974, CVE-2022-30975

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa]
Keywords:

Depends on:	889968
Blocks:
	Show dependency tree

Reported:	2022-05-18 17:34 UTC by John Helmert III
Modified:	2024-04-07 07:20 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-05-18 17:34:34 UTC

CVE-2022-30974 (https://github.com/ccxvii/mujs/issues/162):

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

Patch: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61

CVE-2022-30975 (https://github.com/ccxvii/mujs/issues/161):

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.

Patch: https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec
https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f

Comment 1 John Helmert III archtester

2022-11-24 15:44:16 UTC

These patches are in 1.3.0 onwards.

Comment 2 John Helmert III archtester

2023-01-08 17:04:23 UTC

Please cleanup