PT-2024-18936 · Audify · Audify
Alessio Della Libera · Published 2024-07-10 · Updated 2024-07-11 · CVE-2024-21522
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
audify: all versions
Description
The issue arises from improper validation of an array index: when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions, it is not checked for negative values. This can lead to a process crash.
Recommendations
For all versions, as a temporary workaround, consider validating the frameSize variable to ensure it does not contain negative values before passing it to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions. Restrict access to these functions until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Validation of Array Index
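One way to apply the frameSize workaround from the recommendations, shown as an added example that is not code from audify or from this advisory: a wrapper that validates frameSize before it reaches decode or decodeFloat. It goes beyond the advisory's negative-value check by also rejecting zero, non-integers and oversized values; `guardDecoder`, `assertFrameSize`, `makeFakeDecoder`, `tryDecode` and the 5760-sample upper bound are assumptions made for the example, and the fake decoder is a constructed stand-in so the block runs without the native module.

```javascript
// Assumption: 5760 samples per channel (120 ms at 48 kHz) is the largest
// frame the application ever requests; lower it for other sample rates.
const MAX_FRAME_SIZE = 5760;

function assertFrameSize(frameSize, maxFrameSize = MAX_FRAME_SIZE) {
  // Number.isInteger rejects NaN, Infinity, strings, floats and undefined,
  // so nothing is coerced on the way to the native binding.
  if (!Number.isInteger(frameSize)) {
    throw new TypeError('frameSize must be an integer');
  }
  if (frameSize <= 0 || frameSize > maxFrameSize) {
    throw new RangeError(`frameSize must be in 1..${maxFrameSize}`);
  }
  return frameSize;
}

// Wraps any object exposing decode(data, frameSize) and
// decodeFloat(data, frameSize), the two functions named in the advisory.
function guardDecoder(decoder, maxFrameSize = MAX_FRAME_SIZE) {
  const call = (method) => (data, frameSize) => {
    if (!Buffer.isBuffer(data)) {
      throw new TypeError('data must be a Buffer');
    }
    return decoder[method](data, assertFrameSize(frameSize, maxFrameSize));
  };
  return { decode: call('decode'), decodeFloat: call('decodeFloat') };
}

// Constructed stand-in for the native decoder; records what reaches it.
function makeFakeDecoder() {
  const calls = [];
  const record = (name) => (data, frameSize) => {
    calls.push([name, frameSize]);
    return Buffer.alloc(frameSize * 2);
  };
  return { calls, decode: record('decode'), decodeFloat: record('decodeFloat') };
}

// Returns 'ok' or the error name, so callers can log rejected inputs.
function tryDecode(guarded, method, frameSize) {
  try {
    guarded[method](Buffer.from([0xf8, 0xff, 0xfe]), frameSize); // constructed bytes
    return 'ok';
  } catch (err) {
    return err.name;
  }
}
```

In an application, pass the real OpusDecoder instance to `guardDecoder` and hand only the returned wrapper to code that processes untrusted input.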
Weakness Enumeration
Related Identifiers
Affected Products
Audify