CVE-2022-41957

HIGH Year: 2022
CVSS v3 Score
7.5
High
Weakness Type
CWE-690
View all →

Vulnerability Description

Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara.

Related Vulnerabilities

CVE-2020-36646

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The mani...

CWE-6902020

CVE-2020-6095

HIGH
CVSS:7.5(High)

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference re...

CWE-6902020

CVE-2022-22231

HIGH
CVSS:7.5(High)

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial o...

CWE-6902022

CVE-2024-23085

HIGH
CVSS:7.5(High)

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). NOTE: this is disputed by multiple third parties...

CWE-6902024

CVE-2024-23915

HIGH
CVSS:7.5(High)

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::o...

CWE-6902024

CVE-2024-23916

HIGH
CVSS:7.5(High)

Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routines fluid_msg::A...

CWE-6902024