All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability.

Affected Packages

npm node-twain

Affected versions: 0 (last affected: 0.0.16)

Related CVEs

CVE-2024-21525

Key Information

GHSA ID

GHSA-wxr3-2hgv-qm8f

Published

July 10, 2024 6:33 AM

Last Modified

July 10, 2024 9:29 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

node-twain

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.