CVE-2024-21522: audify vulnerable to Improper Validation of Array Index
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.
References
- gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
- github.com/advisories/GHSA-7vhm-fmph-7wxw
- github.com/almoghamdani/audify
- github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp
- github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
- nvd.nist.gov/vuln/detail/CVE-2024-21522
- security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
Detect and mitigate CVE-2024-21522 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →