CVE-2024-21522

7.5 HIGH
Published: July 10, 2024 Modified: April 15, 2026
View on NVD

Description

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
Source: report@snyk.io
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
Source: report@snyk.io
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
Source: report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
Source: report@snyk.io
https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L53
Source: af854a3a-2127-422b-91ae-364da2661108
https://github.com/almoghamdani/audify/blob/94b2fe79dc528fda2c7d59c7a0fd0e9de07dc3dc/src/opus_decoder.cpp%23L79
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700
Source: af854a3a-2127-422b-91ae-364da2661108

8 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.3%
53th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-129

Related CVEs

CVE-2026-40962 4.9
CVE-2026-40505 3.3
CVE-2026-40504 9.8
CVE-2026-3299 6.4
CVE-2026-40960 8.1