npm package
file-type
pkg:npm/file-type
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32630 | — | | | >= 20.0.0, < 21.3.2 | 21.3.2 | Mar 13, 2026 | file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is |
| CVE-2026-31808 | — | | | >= 13.0.0, < 21.3.1 | 21.3.1 | Mar 10, 2026 | file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop |
| CVE-2022-36313 | — | | | >= 13.0.0, < 16.5.4 | 16.5.4 | Jul 21, 2022 | An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attac |