Vulnerabilities: 1 via 1 paths
Dependencies: 189
Source: GitHub
Commit: 489362df

medium severity
new

Infinite loop

  • Vulnerable module: file-type
  • Introduced through: jimp@0.22.12

Detailed paths

  • Introduced through: webrdp@mikej81/webrdp#489362df35110f88e0675770ecae1a89175b8ab5 > jimp@0.22.12 > @jimp/custom@0.22.12 > @jimp/core@0.22.12 > file-type@16.5.4

Overview

Affected versions of this package are vulnerable to an infinite loop in the FileTypeParser class. The loop is triggered when the ASF (WMV/WMA) parser receives input that includes an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload.

Remediation

Upgrade file-type to version 21.3.1 or higher.
