{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.6.1" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "3.1.0" } ] }, "events": [ { "introduced": "0" }, { "fixed": "e192e0d506751240b1b757f02e6dcb39c166bbfb" }, { "introduced": "0" }, { "last_affected": "8631512e98f7eea438ab74a7a198f2e4eb743323" }, { "introduced": "0" }, { "last_affected": "d93231dcdc14212eafe73bf4d8e59bdc46165f8e" }, { "fixed": "1890fb555eaf171db79b73fdc3ea543bbd63c002" }, { "fixed": "90b278d09f16062d93a4160ef0a54d449d739c51" } ], "repo": "https://github.com/julianhille/muhammarajs", "type": "GIT" } ] } ], "details": "The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.", "id": "CVE-2022-25892", "modified": "2026-03-15T13:45:24.161948746Z", "published": "2022-11-01T05:15:10.010Z", "references": [ { "type": "ADVISORY", "url": "https://security.snyk.io/vuln/SNYK-JS-HUMMUS-3091138" }, { "type": "ADVISORY", "url": "https://security.snyk.io/vuln/SNYK-JS-MUHAMMARA-3060320" }, { "type": "REPORT", "url": "https://github.com/galkahana/HummusJS/issues/463" }, { "type": "FIX", "url": "https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002" }, { "type": "FIX", "url": "https://github.com/julianhille/MuhammaraJS/commit/90b278d09f16062d93a4160ef0a54d449d739c51" }, { "type": "FIX", "url": "https://github.com/julianhille/MuhammaraJS/issues/214" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }