Tor Andersson

6 exploits Active since Apr 2019
CVE-2026-40505 WRITEUP LOW WRITEUP
MuPDF mutool ANSI Injection via Metadata
MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running mutool info, enabling them to manipulate terminal display for social engineering attacks such as presenting fake prompts or spoofed commands.
CVSS 3.3
CVE-2019-11411 WRITEUP CRITICAL WRITEUP
Artifex MuJS <1.0.5 - Buffer Overflow
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
CVSS 9.8
CVE-2019-11412 WRITEUP HIGH WRITEUP
Artifex MuJS <1.0.5 - DoS
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
CVSS 7.5
CVE-2019-11413 WRITEUP HIGH WRITEUP
Artifex MuJS 1.0.5 - Buffer Overflow
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.
CVSS 7.5
CVE-2021-33796 WRITEUP CRITICAL WRITEUP
Artifex Mujs < 1.1.2 - Use After Free
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
CVSS 10.0
CVE-2021-33797 WRITEUP CRITICAL WRITEUP
Artifex Mujs < 1.1.1 - Integer Overflow
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
CVSS 9.8