ByteOS Network

NVD Vulnerability Details :

CVE-2024-21522

Awaiting Analysis

Source-report@snyk.io

Published At-10 Jul, 2024 | 05:15

Updated At-11 Jul, 2024 | 13:05

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE ID	Type	Source
CWE-129	Secondary	report@snyk.io

CWE ID: CWE-129

Type: Secondary

Source: report@snyk.io

References

Hyperlink	Source	Resource
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e	report@snyk.io	N/A
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53	report@snyk.io	N/A
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79	report@snyk.io	N/A
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700	report@snyk.io	N/A