CVE-2022-25885

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-25885

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25885.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-25885

Aliases

GHSA-frp9-2v6r-gj97

Published

2022-11-01T05:15:09.810Z

Modified

2025-11-14T13:05:49.095429Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

References

Affected packages

Git / github.com/julianhille/muhammarajs

Affected ranges

Type: GIT
Repo: https://github.com/julianhille/muhammarajs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0a6427eec82ef2978995e453de2dc0d6224dd46c

Affected versions

1.*

1.0.0

1.0.0-rc.1

1.0.0-rc.2

1.0.1

1.1.0

1.10.0

1.2.0

1.2.0-rc.1

1.3.0

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.1

1.6.0

1.7.0

1.8.0

1.9.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.4.0

2.5.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25885.json"

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "311882423104676434390323535992609202654",
                "10992586910619933181747338135814399593",
                "229076659405318585935756104383187924224",
                "324897814208810724861400509241045273135",
                "198786447970681125916135922855270814703",
                "167628617854626120075940973101592884374",
                "204464766559839782570489312486376457618",
                "83188071205360905998609079593233647924",
                "325016872975109965278622347156354140931",
                "47269109841652795552058008695718250746",
                "329077352275433659621371381002667341743",
                "223889086497713115778656009452973064942",
                "202924119918295022501055160175385556547",
                "217516539975137879216802676983013210944"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-25885-93e21a6d",
        "signature_type": "Line",
        "source": "https://github.com/julianhille/muhammarajs/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c",
        "target": {
            "file": "src/ObjectByteWriterWithPosition.cpp"
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "digest": {
            "function_hash": "257609084176641130353745940861848718009",
            "length": 1089.0
        },
        "id": "CVE-2022-25885-bb490594",
        "signature_type": "Function",
        "source": "https://github.com/julianhille/muhammarajs/commit/0a6427eec82ef2978995e453de2dc0d6224dd46c",
        "target": {
            "function": "ObjectByteWriterWithPosition::Write",
            "file": "src/ObjectByteWriterWithPosition.cpp"
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]