Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
music-metadata has an infinite loop vulnerability in ASF parser
Vulnerability Description
music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header Extension Object has `objectSize = 0`. Version 11.12.3 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
music-metadata 安全漏洞
Vulnerability Description
music-metadata是Borewit个人开发者的一个音频文件元数据提取库。 music-metadata 11.12.3之前版本存在安全漏洞,该漏洞源于ASF解析器处理objectSize为0的对象不当,可能导致无限循环。
CVSS Information
N/A
Vulnerability Type
N/A