{"url":"http://public2.vulnerablecode.io/api/packages/10574?format=json","purl":"pkg:pypi/aubio@0.4.4","type":"pypi","namespace":"","name":"aubio","version":"0.4.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.4.9","latest_non_vulnerable_version":"0.4.9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35368?format=json","vulnerability_id":"VCID-1vct-fzbc-27ep","summary":"aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grmf-4fq6-2r79"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800","reference_id":"CVE-2018-19800","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19800"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13493?format=json","purl":"pkg:pypi/aubio@0.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9"}],"aliases":["CVE-2018-19800","GHSA-grmf-4fq6-2r79","PYSEC-2019-162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vct-fzbc-27ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35369?format=json","vulnerability_id":"VCID-3yb2-e9ke-auc4","summary":"aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html"},{"reference_url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c6jq-h4jp-72pr"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802","reference_id":"CVE-2018-19802","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19802"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13493?format=json","purl":"pkg:pypi/aubio@0.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9"}],"aliases":["CVE-2018-19802","GHSA-c6jq-h4jp-72pr","PYSEC-2019-164"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3yb2-e9ke-auc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35154?format=json","vulnerability_id":"VCID-4xqx-q5an-63df","summary":"The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"},{"reference_url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17555","reference_id":"CVE-2017-17555","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17555"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2017-17555","PYSEC-2017-77"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqx-q5an-63df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35236?format=json","vulnerability_id":"VCID-7uwy-g2fv-xfc7","summary":"An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html"},{"reference_url":"https://github.com/aubio/aubio/issues/189","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/issues/189"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14523","reference_id":"CVE-2018-14523","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14523"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2018-14523","PYSEC-2018-63"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uwy-g2fv-xfc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35152?format=json","vulnerability_id":"VCID-ecxp-5hv8-mbbd","summary":"In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.","references":[{"reference_url":"https://github.com/aubio/aubio/issues/148","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/issues/148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2017-17054","PYSEC-2017-75"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecxp-5hv8-mbbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35237?format=json","vulnerability_id":"VCID-eymz-cpuw-1kcb","summary":"An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html"},{"reference_url":"https://github.com/aubio/aubio/issues/188","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/issues/188"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14522","reference_id":"CVE-2018-14522","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14522"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2018-14522","PYSEC-2018-62"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eymz-cpuw-1kcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35155?format=json","vulnerability_id":"VCID-t5xc-9bzf-5kas","summary":"A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.","references":[{"reference_url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17554","reference_id":"CVE-2017-17554","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17554"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2017-17554","PYSEC-2017-76"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5xc-9bzf-5kas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35370?format=json","vulnerability_id":"VCID-uavx-j693-b3bj","summary":"aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html"},{"reference_url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7vvr-h4p5-m7fh"},{"reference_url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/blob/0.4.9/ChangeLog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13493?format=json","purl":"pkg:pypi/aubio@0.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.9"}],"aliases":["CVE-2018-19801","GHSA-7vvr-h4p5-m7fh","PYSEC-2019-163"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uavx-j693-b3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35238?format=json","vulnerability_id":"VCID-zvqm-pym8-9ug8","summary":"An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.","references":[{"reference_url":"https://github.com/aubio/aubio/issues/187","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/issues/187"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14521","reference_id":"CVE-2018-14521","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"aliases":["CVE-2018-14521","PYSEC-2018-61"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvqm-pym8-9ug8"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.4"}