Vulnerability Description
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07d
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07d
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07d
- https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07d
- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
FAQ
What is CVE-2024-21522?
CVE-2024-21522 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not ...
How severe is CVE-2024-21522?
CVE-2024-21522 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21522?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.