CVE-2022-36313

file-type vulnerable to Infinite Loop via malformed MKV file in npm/file-type

Identifiers

CVE-2022-36313, GHSA-mhxj-85r3-2x55

Package Slug

npm/file-type

Vulnerability

file-type vulnerable to Infinite Loop via malformed MKV file

Description

An issue was discovered in the file-type package for Node.js before 16.5.4 and in 17.x before 17.1.3. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application unresponsive and could be used to cause a denial of service (DoS).

Affected Versions

All versions before 16.5.4, all versions starting from 17.0.0 before 17.1.3

Solution

Upgrade to versions 16.5.4, 17.1.3 or above.
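To find every installed copy of file-type that falls in the affected ranges above, including nested transitive copies, the following added example (not part of the advisory or the file-type project) walks the "packages" map of a lockfileVersion 2/3 package-lock.json. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```javascript
// Affected per the advisory: < 16.5.4, and >= 17.0.0 but < 17.1.3.
// Parse "major.minor.patch"; pre-release/build suffixes are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (compare(v, [16, 5, 4]) < 0) return true;
  return compare(v, [17, 0, 0]) >= 0 && compare(v, [17, 1, 3]) < 0;
}

// Report each affected copy of file-type with the fixed version for its line.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match only the unscoped package named exactly "file-type".
    if (!/(^|\/)node_modules\/file-type$/.test(path)) continue;
    if (isAffected(meta.version)) {
      const minFixed = parseVersion(meta.version)[0] >= 17 ? "17.1.3" : "16.5.4";
      hits.push({ path, version: meta.version, minFixed });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/file-type": { version: "16.5.3" },
    "node_modules/uploader/node_modules/file-type": { version: "17.1.2" },
    "node_modules/thumbs/node_modules/file-type": { version: "17.1.3" },
    "node_modules/legacy/node_modules/file-type": { version: "16.5.4" },
  },
};
console.log(findAffected(sampleLock));
```

On a real project, pass the parsed contents of package-lock.json to findAffected in place of sampleLock.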

Last Modified

2022-07-26
