The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed.
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"last_affected": "0"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/25xxx/CVE-2022-25892.json",
"cna_assigner": "snyk"
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"cpe": [
"cpe:2.3:a:muhammara_project:muhammara:*:*:*:*:*:*:*:*",
"cpe:2.3:a:muhammara_project:muhammara:3.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:muhammara_project:muhammara:3.1.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1"
},
{
"introduced": "3.0.0"
},
{
"last_affected": "3.0.0"
},
{
"introduced": "3.1.0"
},
{
"last_affected": "3.1.0"
}
]
}"2026-07-09T06:37:48Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25892.json"
[
{
"id": "CVE-2022-25892-6b47daa8",
"digest": {
"function_hash": "110240482519299290359285843249292090336",
"length": 1720.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/julianhille/muhammarajs/commit/90b278d09f16062d93a4160ef0a54d449d739c51",
"deprecated": false,
"target": {
"function": "PDFParser::ParseLastXrefPosition",
"file": "src/deps/PDFWriter/PDFParser.cpp"
}
},
{
"id": "CVE-2022-25892-730dd630",
"digest": {
"function_hash": "110240482519299290359285843249292090336",
"length": 1720.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/julianhille/muhammarajs/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002",
"deprecated": false,
"target": {
"function": "PDFParser::ParseLastXrefPosition",
"file": "src/deps/PDFWriter/PDFParser.cpp"
}
},
{
"id": "CVE-2022-25892-8fc62d1c",
"digest": {
"line_hashes": [
"202187770000923064610987286081723936130",
"24389974961798006565121828465679367290",
"56621233088699263699252940820337643094"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/julianhille/muhammarajs/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002",
"deprecated": false,
"target": {
"file": "src/deps/PDFWriter/PDFParser.cpp"
}
},
{
"id": "CVE-2022-25892-aa3ec95e",
"digest": {
"line_hashes": [
"202187770000923064610987286081723936130",
"24389974961798006565121828465679367290",
"56621233088699263699252940820337643094"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/julianhille/muhammarajs/commit/90b278d09f16062d93a4160ef0a54d449d739c51",
"deprecated": false,
"target": {
"file": "src/deps/PDFWriter/PDFParser.cpp"
}
}
]