CVE-2021-33797: Integer Overflow
First published: Mon Apr 17 2023(Updated: )
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
Credit: patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artifex MuJS | >=1.0.1<=1.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this buffer overflow?
The vulnerability ID for this buffer overflow is CVE-2021-33797.
What is the severity of CVE-2021-33797?
CVE-2021-33797 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2021-33797?
Versions 1.0.1 to 1.1.1 of Artifex MuJS are affected by CVE-2021-33797.
How does the buffer overflow in CVE-2021-33797 occur?
The buffer overflow in CVE-2021-33797 occurs due to an integer overflow when reading the floating point exponent in js_strtod().
Are there any fixes or patches available for CVE-2021-33797?
The latest version of Artifex MuJS (1.1.2 or later) contains a fix for the buffer overflow vulnerability CVE-2021-33797.
- collector/nvd-index
- vendor/artifex
- canonical/artifex mujs
- version/artifex mujs/1.0.1
- version/artifex mujs/1.1.1