CVE-2024-21522
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
Summary
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | audify | 0 < * | affected |
Weaknesses
- CWE-129: Improper Validation of Array Index
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
References
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.