Products
audify
- All versions
Source
report@snyk.io
Tags
CVE-2024-21522 details
Published : July 10, 2024, 5:15 a.m.
Last Modified : July 10, 2024, 5:15 a.m.
Last Modified : July 10, 2024, 5:15 a.m.
Description
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.5 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-129 | Improper Validation of Array Index | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Exploitability Score
3.9
Impact Score
3.6
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
This website uses the NVD API, but is not approved or certified by it.