Package Instance
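Look up vulnerable packages by Package URL (purl). In the response, a version listed under "fixed_packages" fixes only that one vulnerability and may still be affected by others (check its "is_vulnerable" flag); the top-level "next_non_vulnerable_version" field names a version with no known vulnerabilities.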
GET /api/packages/10574?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/10574?format=api", "purl": "pkg:pypi/aubio@0.4.4", "type": "pypi", "namespace": "", "name": "aubio", "version": "0.4.4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.4.9", "latest_non_vulnerable_version": "0.4.9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35368?format=api", "vulnerability_id": "VCID-1vct-fzbc-27ep", "summary": "aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800", "reference_id": "CVE-2018-19800", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13493?format=api", "purl": "pkg:pypi/aubio@0.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9" } ], "aliases": [ "CVE-2018-19800", "GHSA-grmf-4fq6-2r79", "PYSEC-2019-162" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vct-fzbc-27ep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35369?format=api", "vulnerability_id": "VCID-3yb2-e9ke-auc4", "summary": "aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html" }, { "reference_url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802", "reference_id": "CVE-2018-19802", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/13493?format=api", "purl": "pkg:pypi/aubio@0.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9" } ], "aliases": [ "CVE-2018-19802", "GHSA-c6jq-h4jp-72pr", "PYSEC-2019-164" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3yb2-e9ke-auc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35154?format=api", "vulnerability_id": "VCID-4xqx-q5an-63df", 
"summary": "The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" }, { "reference_url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17555", "reference_id": "CVE-2017-17555", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17555" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": "pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2017-17555", "PYSEC-2017-77" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqx-q5an-63df" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35236?format=api", "vulnerability_id": "VCID-7uwy-g2fv-xfc7", "summary": "An issue was discovered 
in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html" }, { "reference_url": "https://github.com/aubio/aubio/issues/189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/issues/189" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14523", "reference_id": "CVE-2018-14523", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14523" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": "pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2018-14523", "PYSEC-2018-63" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7uwy-g2fv-xfc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35152?format=api", "vulnerability_id": "VCID-ecxp-5hv8-mbbd", "summary": "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.", "references": [ { "reference_url": "https://github.com/aubio/aubio/issues/148", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/issues/148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": "pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2017-17054", "PYSEC-2017-75" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ecxp-5hv8-mbbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35237?format=api", "vulnerability_id": "VCID-eymz-cpuw-1kcb", "summary": "An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html" }, { "reference_url": "https://github.com/aubio/aubio/issues/188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/issues/188" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14522", "reference_id": "CVE-2018-14522", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14522" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": 
"pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2018-14522", "PYSEC-2018-62" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eymz-cpuw-1kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35155?format=api", "vulnerability_id": "VCID-t5xc-9bzf-5kas", "summary": "A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.", "references": [ { "reference_url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17554", "reference_id": "CVE-2017-17554", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17554" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": "pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2017-17554", "PYSEC-2017-76" ], 
"risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5xc-9bzf-5kas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35370?format=api", "vulnerability_id": "VCID-uavx-j693-b3bj", "summary": "aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" } ], "fixed_packages": [ 
{ "url": "http://public2.vulnerablecode.io/api/packages/13493?format=api", "purl": "pkg:pypi/aubio@0.4.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9" } ], "aliases": [ "CVE-2018-19801", "GHSA-7vvr-h4p5-m7fh", "PYSEC-2019-163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uavx-j693-b3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35238?format=api", "vulnerability_id": "VCID-zvqm-pym8-9ug8", "summary": "An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.", "references": [ { "reference_url": "https://github.com/aubio/aubio/issues/187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/aubio/aubio/issues/187" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14521", "reference_id": "CVE-2018-14521", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14521" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10577?format=api", "purl": "pkg:pypi/aubio@0.4.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vct-fzbc-27ep" }, { "vulnerability": "VCID-3yb2-e9ke-auc4" }, { "vulnerability": "VCID-uavx-j693-b3bj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7" } ], "aliases": [ "CVE-2018-14521", "PYSEC-2018-61" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvqm-pym8-9ug8" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.4" }