CVE-2021-33797: 
NixOS vulnerability analysis and mitigation

CVE-2021-33797 is a buffer overflow vulnerability affecting Artifex MuJS versions 1.0.1 to 1.1.1. The vulnerability occurs in the jsdtoa.c file when js_strtod() reads in floating point exponent, leading to an integer overflow which subsequently causes a buffer overflow in the pointer *d (NVD, CVE).

The vulnerability stems from an integer overflow condition in the js_strtod() function when parsing floating-point exponents. When processing numbers with extremely large exponents (e.g., 1E9600000000000000000000000000), the exp variable overflows to 0x80000000, causing the subsequent for loop to execute multiple times unexpectedly. The issue is particularly problematic when compiled with GCC -O2 optimization, as it optimizes away certain overflow checks (GitHub Issue). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to a global buffer overflow condition, potentially allowing attackers to execute arbitrary code or cause denial of service. The high CVSS score of 9.8 indicates critical severity with potential for complete system compromise (NVD).

The issue has been patched by implementing additional checks to limit the exponent parsing to MAX_INT to prevent signed overflow from being affected by optimizing compilers. The fix was implemented in commit 833b6f1 (GitHub Commit).