Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Muhammarajs | Muhammarajs_project | * | 2.6.0 (including) |
| Hummusjs | Pdfhummus | * | 1.0.111 (excluding) |