CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
61.3%
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.
It has been patched in 2.6.0 for muhammara and not at all for hummus
Do not process files from untrusted sources
PR: https://github.com/julianhille/MuhammaraJS/pull/194
Issue: https://github.com/julianhille/MuhammaraJS/issues/191
Issue in hummus: https://github.com/galkahana/HummusJS/issues/293
The difference is one is in src/deps/PDFWriter/PDFParser.cpp and the other is PDFDocumentHandler.cpp both is a null pointer but for different cases
These are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent.
Vendor | Product | Version | CPE |
---|---|---|---|
hummus_project | hummus | * | cpe:2.3:a:hummus_project:hummus:*:*:*:*:*:node.js:*:* |
muhammara_project | muhammara | * | cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-rcrx-fpjp-mfrw
github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a
github.com/galkahana/HummusJS/issues/293
github.com/julianhille/MuhammaraJS/issues/191
github.com/julianhille/MuhammaraJS/pull/194
github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw
nvd.nist.gov/vuln/detail/CVE-2022-39381