CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
39.8%
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
Vendor | Product | Version | CPE |
---|---|---|---|
muhammarajs_project | muhammarajs | * | cpe:2.3:a:muhammarajs_project:muhammarajs:*:*:*:*:*:node.js:*:* |
pdfhummus | hummusjs | * | cpe:2.3:a:pdfhummus:hummusjs:*:*:*:*:*:node.js:*:* |