PT-2022-17589 · Hummus+1
Julian Hille +1 · Published 2022-11-01 · Updated 2022-12-03 · CVE-2022-25892
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
muhammara versions prior to 2.6.1
muhammara versions 3.0.0 through 3.1.0
hummus versions prior to 1.0.111
Description
Parsing a maliciously crafted PDF file can cause a Denial of Service (DoS).
Recommendations
For muhammara versions prior to 2.6.1, update to version 2.6.1 or later.
For muhammara versions 3.0.0 through 3.1.0, update to version 3.1.1 or later.
For hummus versions prior to 1.0.111, update to version 1.0.111 or later.
As a temporary workaround, do not process files from untrusted sources.
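To find installs that still need the updates listed above, the following added example (not code from the advisory or from either project) walks the `packages` map of an npm lockfile and flags every copy of `muhammara` or `hummus`, nested ones included, whose version falls in the affected ranges. The lockfile contents are constructed sample data, and the helper names are hypothetical.

```javascript
// Added example. Affected ranges are copied from the advisory text.
const AFFECTED = new Map([
  ["muhammara", [{ below: "2.6.1" }, { from: "3.0.0", through: "3.1.0" }]],
  ["hummus", [{ below: "1.0.111" }]],
]);

// Parse MAJOR.MINOR.PATCH; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Untracked names are never affected. A tracked name with an unparseable
// version is flagged (fail closed) so that it gets a manual look.
function isAffected(name, version) {
  const ranges = AFFECTED.get(name);
  if (!ranges) return false;
  const v = parseVersion(version);
  if (!v) return true;
  return ranges.some((r) =>
    r.below
      ? compare(v, parseVersion(r.below)) < 0
      : compare(v, parseVersion(r.from)) >= 0 &&
        compare(v, parseVersion(r.through)) <= 0
  );
}

// Walk the "packages" map of an npm lockfile (lockfileVersion 2 or 3).
// Keys look like "node_modules/a/node_modules/b"; the last segment is the name.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (isAffected(name, meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/muhammara": { version: "3.1.0" },
  "node_modules/pdf-tool/node_modules/hummus": { version: "1.0.110" },
  "node_modules/other/node_modules/muhammara": { version: "2.6.1" },
} };
console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffected` in place of `sampleLock`.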
Affected Products
Hummus
Muhammara