  • Vulnerabilities: 1 via 1 paths
  • Dependencies: 151
  • Source: GitHub
  • Commit: 14b70975

medium severity
new

Infinite loop

  • Vulnerable module: file-type
  • Introduced through: eufy-security-client@3.8.0

Detailed paths

  • Introduced through: iobroker.eusec@bropat/ioBroker.eufy-security#14b7097588d080eeef69a8e2b91bfb2f9c6d1c09 > eufy-security-client@3.8.0 > image-type@5.2.0 > file-type@18.7.0

Overview

Affected versions of this package are vulnerable to an infinite loop in the FileTypeParser class. The loop is triggered when the ASF (WMV/WMA) parser receives input that includes an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.

Remediation

Upgrade file-type to version 21.3.1 or higher.
