CVE-2016-9109

DEB

High

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this …

CVSS

7.5

High

EPSS

0.02

p80

Published

2016-01-01

Updated

2016-01-01

Description

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563.

Tags · CWE

RCEPre-auth

CWE-125

CAPEC-540

Affected products

MujsMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdfMupdf

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

2016-01-01

Published

2016-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.022 · p80

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
mujs		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked
mupdf		Tracked

Showing first 20 of 23

Source databases

DEB

CVE

UBU