PT-2022-23309 · Npm · File-Type

Published: 2022-07-21 · Updated: 2022-10-27 · CVE-2022-36313

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

file-type versions 13.0.0 through 16.5.4
file-type versions 17.x before 17.1.3

Description

An issue was discovered in the file-type package for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop, making the application unresponsive. An attacker could use this to cause a denial of service (DoS), particularly when the package is used on a web server.

Recommendations

For versions 13.0.0 through 16.5.4, update to version 16.5.4 or later.
For versions 17.x before 17.1.3, update to version 17.1.3 or later.
As a temporary workaround, consider restricting the handling of MKV files until a patch is available.

Fix

Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2022-36313
GHSA-MHXJ-85R3-2X55

Affected Products

File-Type