CVE-2016-10132

moderate-risk
Published 2017-03-24

regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Artifex Fedoraproject

References (10)

http://git.ghostscript.com/?p=mujs.git%3Bh=fd003eceda531e13fbdd1aeb6e9c73156496e...
Mailing List http://www.openwall.com/lists/oss-security/2017/01/12/9
Mailing List http://www.openwall.com/lists/oss-security/2017/01/13/1
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=697381
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
http://git.ghostscript.com/?p=mujs.git%3Bh=fd003eceda531e13fbdd1aeb6e9c73156496e...
Mailing List http://www.openwall.com/lists/oss-security/2017/01/12/9
Mailing List http://www.openwall.com/lists/oss-security/2017/01/13/1
Issue Tracking https://bugs.ghostscript.com/show_bug.cgi?id=697381
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
35
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 7/34 · Low