GHSA-RCRX-FPJP-MFRW

Vulnerability from github – Published: 2022-11-02 18:10 – Updated: 2022-11-02 18:10
VLAI?
Summary
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Details

Impact

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.

Patches

It has been patched in 2.6.0 for muhammara and not at all for hummus

Workarounds

Do not process files from untrusted sources

References

PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293

Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892

The difference is one is in src/deps/PDFWriter/PDFParser.cpp and the other is PDFDocumentHandler.cpp both is a null pointer but for different cases These are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent.

Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "muhammara"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "hummus"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.111"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-39381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-690"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-02T18:10:47Z",
    "nvd_published_at": "2022-11-02T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nThe package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.\n\n### Patches\nIt has been patched in 2.6.0 for muhammara and not at all for hummus\n\n### Workarounds\nDo not process files from untrusted sources\n\n### References\nPR: https://github.com/julianhille/MuhammaraJS/pull/194\nIssue: https://github.com/julianhille/MuhammaraJS/issues/191\nIssue in hummus: https://github.com/galkahana/HummusJS/issues/293\n\n### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892\n\nThe difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee7596457b1ef2) both is a null pointer but for different cases\nThese are totally diffent issues, one is in reading a pdf the other is in appendending a maliciously crafted one. The function calls are different the versions in which they are solved are diffent. ",
  "id": "GHSA-rcrx-fpjp-mfrw",
  "modified": "2022-11-02T18:10:47Z",
  "published": "2022-11-02T18:10:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/security/advisories/GHSA-rcrx-fpjp-mfrw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39381"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/issues/293"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/issues/191"
    },
    {
      "type": "WEB",
      "url": "https://github.com/julianhille/MuhammaraJS/pull/194"
    },
    {
      "type": "WEB",
      "url": "https://github.com/galkahana/HummusJS/commit/a9bf2520ab5abb69f9328906e406fbebfb36159a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/julianhille/MuhammaraJS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.