VYPR

npm package

file-type

pkg:npm/file-type

Vulnerabilities (3)

  • CVE-2026-32630 (Mar 13, 2026)
    affected >= 20.0.0, < 21.3.2; fixed 21.3.2

    file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in file-type when using fileTypeFromBuffer(), fileTypeFromBlob(), or fileTypeFromFile(). The ZIP inflate output limit is

  • CVE-2026-31808 (Mar 10, 2026)
    affected >= 13.0.0, < 21.3.1; fixed 21.3.1

    file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop

  • CVE-2022-36313 (Jul 21, 2022)
    affected >= 13.0.0, < 16.5.4; fixed 16.5.4

    An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attac