CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
39.8%
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
Vendor | Product | Version | CPE |
---|---|---|---|
muhammarajs_project | muhammarajs | * | cpe:2.3:a:muhammarajs_project:muhammarajs:*:*:*:*:*:node.js:*:* |
pdfhummus | hummusjs | * | cpe:2.3:a:pdfhummus:hummusjs:*:*:*:*:*:node.js:*:* |
[
{
"vendor": "julianhille",
"product": "MuhammaraJS",
"versions": [
{
"version": "< 2.6.0",
"status": "affected"
}
]
}
]
More