Description
Muhammara is a Node.js module with C/C++ bindings for modifying PDF files with JavaScript in Node or Electron (based on, and a replacement for, galkhana/hummusjs). The package muhammara before 2.6.0 and all versions of the package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
References
- Exploit, Issue Tracking, Third Party Advisory
- Issue Tracking, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version up to 2.6.0 (inclusive)
Version up to 1.0.111 (exclusive)
One of
cpe:2.3:a:muhammarajs_project:muhammarajs:*:*:*:*:*:node.js:*:*
cpe:2.3:a:pdfhummus:hummusjs:*:*:*:*:*:node.js:*:*
EPSS
Percentile: 47%
0.00237
Low
7.5 High
CVSS3
5.5 Medium
CVSS3
Weaknesses
CWE-690
CWE-476
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp