CVE-2022-44789

HIGH

Artifex MuJS 1.0.0-1.3.x - Remote Code Execution via Crafted JavaScript File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-44789. PoCs published by alalng.

AI-analyzed exploit summary This repository contains a working exploit for CVE-2022-44789, targeting a use-after-free vulnerability in MuJS. The exploit leverages heap manipulation and memory corruption to achieve remote code execution (RCE) by bypassing pointer mangling and executing shellcode.

Description

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Exploits (1)

nomisec WORKING POC 12 stars
by alalng · poc
https://github.com/alalng/CVE-2022-44789

This repository contains a working exploit for CVE-2022-44789, targeting a use-after-free vulnerability in MuJS. The exploit leverages heap manipulation and memory corruption to achieve remote code execution (RCE) by bypassing pointer mangling and executing shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: MuJS (specific version not explicitly stated)
No auth needed
Prerequisites: Vulnerable version of MuJS · Ability to execute JavaScript in the target environment
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 8.8
EPSS 0.0225
EPSS Percentile 80.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (3)
artifex/mujs 1.0.0 - 1.3.2
debian/debian_linux 11.0
fedoraproject/fedora 37
Published Nov 23, 2022
Tracked Since Feb 18, 2026