CVE-2024-21522 - All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSi

CVE-2024-21522

Summary

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

References

https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

11-07-2024 - 13:05

Published

10-07-2024 - 05:15

Last modified

11-07-2024 - 13:05