Vulnerabilities > CVE-2022-39381 - NULL Pointer Dereference vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pdfhummus

muhammarajs-project

CWE-476

NVD

Published: 2022-11-02

Updated: 2022-11-04

Summary

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.

Vulnerable Configurations

Part	Description	Count
Application	Pdfhummus Pdfhummus Hummusjs *	1
Application	Muhammarajs_Project Muhammarajs Project Muhammarajs *	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References