oss-sec mailing list archives
CVE request - mujs Heap-Buffer-Overflow write and OOB Read
From: Puzzor <puzzorsj () gmail com>
Date: Wed, 21 Sep 2016 19:01:23 +0800
Hello, Two vulnerabilities were found in mujs latest version, and they have got fixed. 1. mujs str Out-of-Bound read 1 byte in function chartorune. http://bugs.ghostscript.com/show_bug.cgi?id=697136 2. mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72 http://bugs.ghostscript.com/show_bug.cgi?id=697137 Please assign CVE-IDs for them. The vulnerabilities were found by Shi Ji(@Puzzor) Best regards, Shi Ji(@Puzzor)
Current thread:
- CVE request - mujs Heap-Buffer-Overflow write and OOB Read Puzzor (Sep 21)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Sep 28)