galkahana/HummusJS

galkahana/HummusJS

www.pdfhummus.com

Releases0

Stars1.18K

Node.js module for high performance creation, modification and parsing of PDF files and streams

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-39381 ↗	Nov 2, 2022Wednesday, 2 November 2022, 15:15	7.5 HIGH	—
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
CVE-2022-25892 ↗	Nov 1, 2022Tuesday, 1 November 2022, 05:15	7.5 HIGH	—
The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
CVE-2022-25885 ↗	Nov 1, 2022Tuesday, 1 November 2022, 05:15	7.5 HIGH	—
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.