{"id":"CVE-2021-45005","details":"Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.","modified":"2026-02-16T10:25:48.324548Z","published":"2022-02-14T22:15:07.670Z","related":["openSUSE-SU-2024:11851-1"],"references":[{"type":"ADVISORY","url":"https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66"},{"type":"REPORT","url":"https://bugs.ghostscript.com/show_bug.cgi?id=704749"},{"type":"FIX","url":"https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ccxvii/mujs","events":[{"introduced":"0"},{"fixed":"df8559e7bdbc6065276e786217eeee70f28fce66"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66","digest":{"length":284,"function_hash":"212152073869175286281082301593682172866"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-45005-3b177be0","deprecated":false,"target":{"function":"labeljumps","file":"jscompile.c"}},{"source":"https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66","digest":{"length":5774,"function_hash":"237163975226279043876420863904796226887"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-45005-4e55cec9","deprecated":false,"target":{"function":"cstm","file":"jscompile.c"}},{"source":"https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66","digest":{"threshold":0.9,"line_hashes":["275807724497080271052422610850237832360","227584529407116748969682174614013157275","240809080275857800854606974949794639644","334065052966536761637457027412700420034","329729052851814533257288490691060238309","8940835939759206382994899836148086277","6054988557692956526949864972979385442","145596601120825659164228607211389863104","286271805656476390851949795220452398282","308399586663094525237579524878351268071","97418100892458907431908296232328864598","68925312356635455774599396700625178244","181075149946822227857618990255033231915","187307022138836425969583534719708308453","274405525164168968255509159472007911888","218883507416412212006559044291557666892","261912002941747122026296328538522311224","215127962763904643414884956828706401815","61945860987765811042741102784216201211","113060344910211876549520870867015668310","31700105095558418664416270783340521535","279894681206348592978295155697441515953","317683942424652400137057832087088852132","47249119057061389018184382908220195600","3246576348008574859410272597105028812","100209969234235566967502367992001512486","63247231701152640887474941693873678236","322043410525861417528982642410946746917","61427154769727538098744158190987063255","4293939356950446056189194658125537854","294491184255777449718403098842334886768","158524105499787221284480698950528032881","49504060447838056227091049369944311122","279282618473242856197455609682396189427","25028653667127782667800347499127356558","7225227643276560381493981070068381597"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-45005-7efc3846","deprecated":false,"target":{"file":"jscompile.c"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45005.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}