
Kilsen

#37809 of 53,630
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-24941
7.5
2022-11-02
Npm · Hummus · CVE-2022-39381
**Name of the Vulnerable Software and Affected Versions**

- muhammara versions prior to 2.6.0
- hummus (affected versions not specified)

**Description**

The issue is a Denial of Service (DoS) condition that occurs when a maliciously crafted PDF file is supplied to be appended to another. It affects the muhammara and hummus packages, which are Node modules with C/C++ bindings used to modify PDFs with JavaScript for Node or Electron. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

**Recommendations**

For muhammara versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. For hummus, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround for both packages, do not process files from untrusted sources.