Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2022-41957 | First vendor Publication | 2022-11-28 |
Vendor | Cve | Last vendor Modification | 2022-12-01 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 7.5 | ||
Base Score | 7.5 | Environmental Score | 7.5 |
impact SubScore | 3.6 | Temporal Score | 7.5 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sources. If using hummus, replace the package with muhammara. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41957 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-690 | Unchecked Return Value to NULL Pointer Dereference |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 4 |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2022-12-03 13:11:03 |
|
2022-12-02 00:27:16 |
|
2022-11-28 21:27:13 |
|