CVE-2024-21522

Опубликовано: 10 июл. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

Ссылки

https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700

EPSS

Процентиль: 52%

0.00291

Низкий

7.5 High

CVSS3

Дефекты

CWE-129

Связанные уязвимости

GHSA-7vhm-fmph-7wxw