sherpa-onnx is vulnerable to Out-of-bounds Write
29
Low Risk
The offline speaker diarization pipeline indexes result vectors, an Eigen matrix, and intermediate sample lists using speaker and cluster IDs without validating them against the expected range. When FastClustering produces cluster labels outside the expected count, ReLabel writes past the matrix column bounds, SortBySpeaker reads past the result vector, and the post-filtering index loop reads past the sample lists, causing out-of-bounds memory access. Processing many audio files through diarization can intermittently trigger heap buffer overflow and SIGSEGV crashes of the host process. The fix validates speaker, cluster, and sample indices before array and matrix access and skips out-of-range IDs.
You are affected if you are using a version that falls within the vulnerable range and you use the offline speaker diarization feature.
sherpa-onnx is vulnerable to Out-of-bounds Write in versions 1.10.28 - 1.13.0.
Upgrade the sherpa-onnx library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant