Vulnerability in Audify

CVE-2024-21522

All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can l…

EPSS: 0.006 (44.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

  • N/a Audify — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-21522?
CVE-2024-21522 is a high-severity vulnerability in Audify, classified under Improper Validation of Array Index. CVSS score: 7.5/10. Published 2024-07-10.
How severe is CVE-2024-21522?
High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-21522 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.