Home > Vulnerability Database > CVE-2024-21522

Mend.io Vulnerability Database

CVE-2024-21522

Date: July 10, 2024

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

Language: C++

Severity Score

7.5

Related Resources (7)

Url: https://github.com/almoghamdani/audify

Url: https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp#L53

Url: https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79

Url: https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e

Url: https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21522

Url: https://www.mend.io/vulnerability-database/CVE-2024-21522

Severity Score

7.5

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21522

Date: July 10, 2024

Language: C++

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?