GHSA-7vhm-fmph-7wxw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7vhm-fmph-7wxw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-7vhm-fmph-7wxw/GHSA-7vhm-fmph-7wxw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7vhm-fmph-7wxw
- Aliases
-
- CVE-2024-21522
- Published
- 2024-07-10T06:33:51Z
- Modified
- 2024-07-10T21:12:45.467955Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- audify vulnerable to Improper Validation of Array Index
- Details
-
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.
- Database specific
{ "cwe_ids": [ "CWE-129" ], "nvd_published_at": "2024-07-10T05:15:10Z", "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2024-07-10T20:43:22Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-21522
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
- https://github.com/almoghamdani/audify
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp#L53
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
Affected packages
npm / audify
Package
- Name
- audify
- View open source insights on deps.dev
- Purl
- pkg:npm/audify