CVE-2026-32630 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection…
Medium CVSS: 5.3

CVE-2026-32630

file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. As a result, a small compressed ZIP can cause file-type to inflate and process a much larger payload while probing ZIP-based formats such as OOXML. This vulnerability is fixed in 21.3.2.
Vendor
Sindresorhus
Product
File-type
CWE
CWE-409
Yayın Tarihi
2026-03-16 14:19:40
Güncelleme
2026-03-17 19:05:56
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-409 File-type MEDIUM Sindresorhus 2026

Referanslar

https://github.com/sindresorhus/file-type/commit/399b0f156063f5aeb1c124a7fd61028f3ea7c124 https://github.com/sindresorhus/file-type/security/advisories/GHSA-j47w-4g3g-c36v https://github.com/sindresorhus/file-type/security/advisories/GHSA-j47w-4g3g-c36v