Security
Headlines

CVE-2022-25885: electron crash, needs at least input validation for pdfstreamresponse · Issue #439 · galkahana/HummusJS

The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data.

CVE
Tags: #apple #dos #js #git #pdf

```javascript
const hummus = require('hummus');

// The constructor accepts a null "response" object without checking it.
const stream = new hummus.PDFStreamForResponse(null);
// Writing the PDF header into the wrapped null object crashes the process.
const writer = hummus.createWriter(stream);
writer.end();
```

The object PDFStreamForResponse takes ANYTHING as a value.
This is later used to write the header to it and so goes through WriteComment in hummus.

The node/electron call to v8::V8::ToLocalEmpty kills it and jumps into bad memory.

```
Thread 0 Crashed:: CrBrowserMain  Dispatch queue: com.apple.main-thread
0   com.github.Electron.framework   0x00000001069702f0 0x104c13000 + 30790384
1   com.github.Electron.framework   0x0000000106397560 v8::V8::ToLocalEmpty() + 64
2   hummus.node                     0x000000010e2fcff1 ObjectByteWriterWithPosition::Write(unsigned char const*, unsigned long) + 615
3   hummus.node                     0x000000010e33cfed ObjectsContext::WriteComment(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 35
4   hummus.node                     0x000000010e320c49 PDFHummus::DocumentContext::WriteHeader(EPDFVersion) + 23
5   hummus.node                     0x000000010e2f34bc PDFWriterDriver::StartPDF(v8::Local<v8::Object>, EPDFVersion, LogConfiguration const&, PDFCreationSettings const&) + 90
6   hummus.node                     0x000000010e2fdfc4 CreateWriter(v8::FunctionCallbackInfo<v8::Value> const&) + 2778
```

Could be easily fixed if at least some null / undefined checks are done here.
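The validation the issue asks for, as an added example written for this page rather than code from the HummusJS issue or from the hummus/muhammara projects. It assumes, as the stack trace suggests, that the native ObjectByteWriterWithPosition::Write calls the wrapped object's write() method, and it uses a hypothetical in-process writer in place of the native module so it runs offline. The guard rejects null, undefined, non-objects and objects without a callable write() before any header bytes are produced:

```javascript
// Added example, not code from the HummusJS issue or from hummus/muhammara:
// the null/undefined check the issue asks for, placed in front of
// PDFStreamForResponse so an unusable response object is rejected with a
// TypeError in JavaScript instead of reaching the native writer.
// Assumption: the native ObjectByteWriterWithPosition::Write in the stack
// trace calls the wrapped object's write(bytes) method; the writer below is
// a hypothetical in-process stand-in for it so the example runs without
// the native module installed.

function assertWritableResponse(res) {
  if (res === null || res === undefined) {
    throw new TypeError('PDFStreamForResponse: response object is null or undefined');
  }
  if (typeof res !== 'object' && typeof res !== 'function') {
    throw new TypeError(`PDFStreamForResponse: expected an object, got ${typeof res}`);
  }
  if (typeof res.write !== 'function') {
    throw new TypeError('PDFStreamForResponse: response object has no write() method');
  }
  return res;
}

// Stand-in for the native writer. Validation happens once, up front, so a
// bad target can never reach the per-chunk write path that crashes in the issue.
function createGuardedWriter(res) {
  const target = assertWritableResponse(res);
  let written = 0;
  return {
    write(bytes) {
      if (!(bytes instanceof Uint8Array)) {
        throw new TypeError('write() expects a Buffer or Uint8Array');
      }
      target.write(bytes);
      written += bytes.length;
      return bytes.length;
    },
    // Mirrors the DocumentContext::WriteHeader -> WriteComment step from the
    // stack trace: the first bytes hummus emits are the %PDF-x.y header line.
    writeHeader(version = '1.3') {
      return this.write(Buffer.from(`%PDF-${version}\n`, 'latin1'));
    },
    bytesWritten() {
      return written;
    },
  };
}

// Constructed probe inputs: the issue's repro value (null) plus other shapes
// a caller might pass by mistake, and one valid stream. Each entry records
// whether the guard rejected it with a TypeError.
function probeInputs() {
  const cases = [null, undefined, 42, 'res', {}, { write: 'not a function' }, { write() {} }];
  return cases.map((value) => {
    try {
      createGuardedWriter(value).writeHeader();
      return { value, rejected: false };
    } catch (err) {
      return { value, rejected: err instanceof TypeError };
    }
  });
}

if (typeof require !== 'undefined' && require.main === module) {
  const chunks = [];
  const writer = createGuardedWriter({ write: (b) => chunks.push(b) });
  writer.writeHeader('1.4');
  console.log(JSON.stringify(Buffer.concat(chunks).toString('latin1')));
  for (const r of probeInputs()) {
    console.log(String(r.value), r.rejected ? 'rejected' : 'accepted');
  }
}
```

The same shape of check belongs on the native side too: the C++ writer should test the v8 MaybeLocal it gets back from the JS object before converting it, rather than relying on the caller. Doing the check in JavaScript first simply gives the application a readable TypeError instead of a dead Electron process.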

Related news

GHSA-frp9-2v6r-gj97: muhammara and hummus vulnerable to null pointer dereference on bad response object

### Impact
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.

### Patches
It has been patched in 2.6.0 for muhammara and not at all for hummus.

### Workarounds
Do not process files from untrusted sources.

### References
PR: https://github.com/julianhille/MuhammaraJS/pull/194
Issue: https://github.com/julianhille/MuhammaraJS/issues/191
Issue in hummus: https://github.com/galkahana/HummusJS/issues/293

### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892
The difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee75...
