Description

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager.

INFO

Published Date :

2025-03-20T10:08:49.536Z

Last Modified :

2025-03-20T19:02:21.737Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-7771 vulnerability.

Vendors Products
Mintplexlabs
  • Anythingllm
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7771.

URL Resource
https://github.com/mintplex-labs/anything-llm/commit/dd017c6cbbf42abdef7861a66558c53b66424d07 cve-icon cve-icon
https://huntr.com/bounties/a31a9834-e9c4-4b50-a1ec-ecb69f2a6142 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact