{"id":"CVE-2022-25892","details":"The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.","aliases":["GHSA-9cv5-4wqv-9w94"],"modified":"2026-04-11T22:01:36.758924Z","published":"2022-11-01T05:15:10.010Z","references":[{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138"},{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320"},{"type":"REPORT","url":"https://github.com/galkahana/HummusJS/issues/463"},{"type":"FIX","url":"https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002"},{"type":"FIX","url":"https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51"},{"type":"FIX","url":"https://github.com/julianhille/MuhammaraJS/issues/214"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/julianhille/muhammarajs","events":[{"introduced":"0"},{"fixed":"e192e0d506751240b1b757f02e6dcb39c166bbfb"},{"introduced":"0"},{"last_affected":"8631512e98f7eea438ab74a7a198f2e4eb743323"},{"introduced":"0"},{"last_affected":"d93231dcdc14212eafe73bf4d8e59bdc46165f8e"},{"fixed":"1890fb555eaf171db79b73fdc3ea543bbd63c002"},{"fixed":"90b278d09f16062d93a4160ef0a54d449d739c51"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.6.1"},{"introduced":"0"},{"last_affected":"3.0.0"},{"introduced":"0"},{"last_affected":"3.1.0"}]}}],"versions":["1.0.0-rc.1","1.3.0","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","1.5.1","2.6.0","3.0.0","3.1.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T22:01:36Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25892.json","vanir_signatures":[{"digest":{"function_hash":"110240482519299290359285843249292090336","length":1720},"target":{"function":"PDFParser::ParseLastXrefPosition","file":"src/deps/PDFWriter/PDFParser.cpp"},"source":"https://github.com/julianhille/muhammarajs/commit/90b278d09f16062d93a4160ef0a54d449d739c51","id":"CVE-2022-25892-6b47daa8","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"digest":{"function_hash":"110240482519299290359285843249292090336","length":1720},"target":{"function":"PDFParser::ParseLastXrefPosition","file":"src/deps/PDFWriter/PDFParser.cpp"},"source":"https://github.com/julianhille/muhammarajs/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002","id":"CVE-2022-25892-730dd630","signature_type":"Function","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["202187770000923064610987286081723936130","24389974961798006565121828465679367290","56621233088699263699252940820337643094"],"threshold":0.9},"target":{"file":"src/deps/PDFWriter/PDFParser.cpp"},"source":"https://github.com/julianhille/muhammarajs/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002","id":"CVE-2022-25892-8fc62d1c","signature_type":"Line","deprecated":false,"signature_version":"v1"},{"digest":{"line_hashes":["202187770000923064610987286081723936130","24389974961798006565121828465679367290","56621233088699263699252940820337643094"],"threshold":0.9},"target":{"file":"src/deps/PDFWriter/PDFParser.cpp"},"source":"https://github.com/julianhille/muhammarajs/commit/90b278d09f16062d93a4160ef0a54d449d739c51","id":"CVE-2022-25892-aa3ec95e","signature_type":"Line","deprecated":false,"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}