Skip to main content

Unchecked Return Value to NULL Pointer Dereference

CVE-2022-25885

Severity High
Score 7.5/10

Summary

The package muhammara versions before 2.6.0 and hummus versions before 1.0.111 are vulnerable to Denial of Service (DoS) when "PDFStreamForResponse()" is used with invalid data.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-690 - Unchecked Return Value to NULL Pointer Dereference

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

Advisory Timeline

  • Published