PT-2022-24941 · Npm · Hummus, Muhammara
Kilsen +1 · Published 2022-11-02 · Updated 2022-11-04
CVE-2022-39381
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
muhammara versions prior to 2.6.0
hummus (affected versions not specified)
Description
The issue is a Denial of Service (DoS) condition that occurs when a maliciously crafted PDF file is supplied to be appended to another PDF. It affects the muhammara and hummus packages, which are Node modules with C/C++ bindings used to modify PDFs with JavaScript in Node or Electron. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations
For muhammara versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue.
For hummus, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
As a temporary workaround for both packages, do not process files from untrusted sources.
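To apply these recommendations to a project, the following added example (not part of the advisory or of either package) scans a parsed npm `package-lock.json` for muhammara entries prior to 2.6.0 and for any hummus entry, since no fixed hummus release is listed. The function names and the sample lockfile are constructed for illustration; the lockfile layouts assumed are npm's `packages` map (lockfileVersion 2/3) and nested `dependencies` tree (lockfileVersion 1).

```javascript
const FIXED = [2, 6, 0]; // muhammara fix version stated in the advisory

// True when `version` sorts before 2.6.0 (hypothetical helper).
function isBeforeFix(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(version || "");
  if (!m) return true; // unparsable (git/URL spec): flag for manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a pre-release of 2.6.0 sorts before 2.6.0
}

function classify(name, version, where) {
  if (name === "hummus") return { name, version, where, reason: "no fixed release listed" };
  if (name === "muhammara" && isBeforeFix(version)) return { name, version, where, reason: "prior to 2.6.0" };
  return null;
}

// Returns one finding per affected install location, direct or transitive.
function findAffected(lock) {
  const findings = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const hit = classify(path.split("node_modules/").pop(), meta.version, path);
    if (hit) findings.push(hit);
  }
  // lockfileVersion 1: nested "dependencies" tree
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const hit = classify(name, meta.version, trail.concat(name).join(" > "));
      if (hit) findings.push(hit);
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []); // v2 files carry both; avoid duplicates
  return findings;
}

// Constructed sample lockfile (not from any real project)
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/muhammara": { version: "2.5.0" },
    "node_modules/pdf-tool/node_modules/muhammara": { version: "2.6.0" },
    "node_modules/hummus": { version: "1.0.110" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

For a real project, pass the result of `JSON.parse` on the lockfile contents to `findAffected`; nested copies pulled in by other dependencies are reported with their install path.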
Exploit
NULL Pointer Dereference
Related Identifiers
Affected Products
Hummus
Muhammara