CVE-2022-25885 HIGH

CVE-2022-25885: Denial of Service (DoS)

Vendor N/A
Product muhammara
Published November 1, 2022
Last update May 5, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

Key dates

02Disclosure timeline

November 1, 2022 CVE published
May 5, 2025 Record updated