CVE-2016-9017

Published: Oct 28, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.

Affected (1)

Products: Artifex: Mujs

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artifex Mujs	Up to 5c337af4b3df80cf967e4f9f6a21522de84b392a

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://bugs.ghostscript.com/show_bug.cgi?id=697171

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/94241

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://bugs.ghostscript.com/show_bug.cgi?id=697171

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.securityfocus.com/bid/94241

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.