npm

audify vulnerable to Improper Validation of Array Index

High severity GitHub Reviewed Published Jul 10, 2024 to the GitHub Advisory Database • Updated Jul 10, 2024

Package

audify (npm)

Affected versions

<= 1.9.0

Patched versions

None

Description

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-21522
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp#L53

Published by the National Vulnerability Database

Jul 10, 2024

Published to the GitHub Advisory Database Jul 10, 2024

Last updated Jul 10, 2024

Reviewed Jul 10, 2024

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

audify vulnerable to Improper Validation of Array Index

Package

Affected versions

Patched versions

Description

References

Severity

CVSS base metrics

Weaknesses

CVE ID

GHSA ID

Source code