Vulnerability Details CVE-2022-25892
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.8%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/galkahana/HummusJS/issues/463
- https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002
- https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51
- https://github.com/julianhille/MuhammaraJS/issues/214
- https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138
- https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320
- https://github.com/galkahana/HummusJS/issues/463
- https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002
- https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51
- https://github.com/julianhille/MuhammaraJS/issues/214
- https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138
- https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320
Products affected by CVE-2022-25892
-
cpe:2.3:a:muhammara_project:muhammara:-
-
cpe:2.3:a:muhammara_project:muhammara:1.0.0
-
cpe:2.3:a:muhammara_project:muhammara:1.0.1
-
cpe:2.3:a:muhammara_project:muhammara:1.1.0
-
cpe:2.3:a:muhammara_project:muhammara:1.10.0
-
cpe:2.3:a:muhammara_project:muhammara:1.2.0
-
cpe:2.3:a:muhammara_project:muhammara:1.3.0
-
cpe:2.3:a:muhammara_project:muhammara:1.4.0
-
cpe:2.3:a:muhammara_project:muhammara:1.4.1
-
cpe:2.3:a:muhammara_project:muhammara:1.4.2
-
cpe:2.3:a:muhammara_project:muhammara:1.4.3
-
cpe:2.3:a:muhammara_project:muhammara:1.5.0
-
cpe:2.3:a:muhammara_project:muhammara:1.5.1
-
cpe:2.3:a:muhammara_project:muhammara:1.6.0
-
cpe:2.3:a:muhammara_project:muhammara:1.7.0
-
cpe:2.3:a:muhammara_project:muhammara:1.8.0
-
cpe:2.3:a:muhammara_project:muhammara:1.9.0
-
cpe:2.3:a:muhammara_project:muhammara:2.0.0
-
cpe:2.3:a:muhammara_project:muhammara:2.1.0
-
cpe:2.3:a:muhammara_project:muhammara:2.2.0
-
cpe:2.3:a:muhammara_project:muhammara:2.3.0
-
cpe:2.3:a:muhammara_project:muhammara:2.4.0
-
cpe:2.3:a:muhammara_project:muhammara:2.5.0
-
cpe:2.3:a:muhammara_project:muhammara:2.6.0
-
cpe:2.3:a:muhammara_project:muhammara:2.6.1
-
cpe:2.3:a:muhammara_project:muhammara:2.6.2
-
cpe:2.3:a:muhammara_project:muhammara:3.0.0
-
cpe:2.3:a:muhammara_project:muhammara:3.1.0
-
cpe:2.3:a:muhammara_project:muhammara:3.1.1
-
cpe:2.3:a:muhammara_project:muhammara:3.2.0
-
cpe:2.3:a:muhammara_project:muhammara:3.3.0
-
cpe:2.3:a:muhammara_project:muhammara:3.4.0