CVE-2018-5759

MEDIUM

Artifex MuJS <1.0.2 - DoS

Title source: llm

Description

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.

Exploits (1)

exploitdb WORKING POC

by Andrea Sindoni · textdosmultiple

https://www.exploit-db.com/exploits/43904

View Code ZIP pw:eip

References (4)

[Patch] http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=4d45a96e57fbabf00a7378b337d0ddcace6f38c1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102833

[Permissions Required] https://bugs.ghostscript.com/show_bug.cgi?id=698868

[Exploit, Patch, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43904/

Scores

CVSS v3 5.5

EPSS 0.0378

EPSS Percentile 87.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-674

Status published

Affected Products (1)

artifex/mujs < 1.0.2

Timeline

Published Jan 24, 2018

Tracked Since Feb 18, 2026