Vulnerabilities > CVE-2019-11412 - Always-Incorrect Control Flow Implementation vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

artifex

fedoraproject

CWE-670

NVD

Published: 2019-04-22

Updated: 2023-11-07

Summary

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

Vulnerable Configurations

Part	Description	Count
Application	Artifex Artifex Mujs 1.0.5	1
OS	Fedoraproject Fedoraproject Fedora 31 Fedoraproject Fedora 32 Fedoraproject Fedora 33	3

Common Weakness Enumeration (CWE)

CWE-670 - Always-Incorrect Control Flow Implementation

References

https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02
https://bugs.ghostscript.com/show_bug.cgi?id=700947
http://www.ghostscript.com/cgi-bin/findgit.cgi?1e5479084bc9852854feb1ba9bf68b52cd127e02
http://www.securityfocus.com/bid/108093
https://security.gentoo.org/glsa/202007-52
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCRO74ORRIVWNVAX2MAMRY3THCTWLQI/