CVE-2024-21522

Published: Jul 10, 2024Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: report@snyk.io (Secondary)

Description

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (8)

https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e

Source: report@snyk.io

https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53

Source: report@snyk.io

https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79

Source: report@snyk.io

https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700

Source: report@snyk.io

https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.