CVE-2024-21522 – audify

Package

Manager: npm
Name: audify
Vulnerable Version: >=0 <=1.9.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00239 pctl0.46895

Details

audify vulnerable to Improper Validation of Array Index All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

Metadata

Created: 2024-07-10T06:33:51Z
Modified: 2024-07-10T20:43:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-7vhm-fmph-7wxw/GHSA-7vhm-fmph-7wxw.json
CWE IDs: ["CWE-129"]
Alternative ID: GHSA-7vhm-fmph-7wxw
Finding: F184
Auto approve: 1