VYPR
High severityNVD Advisory· Published Nov 2, 2022· Updated Apr 22, 2025

Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp

CVE-2022-39381

Description

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
muhammaranpm
< 2.6.02.6.0
hummusnpm
< 1.0.1111.0.111

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.