CVE-2024-7771

Published: Mar 20, 2025

Modified: Mar 20, 2025

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager.

Vendor	Product	Versions
mintplex-labs	mintplex-labs/anything-llm	affected `unspecified - < 1.3.1`

Weaknesses (CWE)

CWE-400

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://huntr.com/bounties/a31a9834-e9c4-4b50-a1ec-ecb69f2a6142

https://github.com/mintplex-labs/anything-llm/commit/dd017c6cbbf42abdef7861a66558c53b66424d07

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-7771

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References