{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","type":"deb","namespace":"debian","name":"sox","version":"14.4.2+git20190427-2+deb11u2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"14.4.2+git20190427-3.1","latest_non_vulnerable_version":"14.4.2+git20190427-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96449?format=json","vulnerability_id":"VCID-fpfr-t5a4-d7dz","summary":"sox: floating point exception in src/voc.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32627.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32627.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32627","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16728","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16832","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16827","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16791","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16709","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32627"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32627","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041112","reference_id":"1041112","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212282","reference_id":"2212282","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:07:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212282"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-32627","reference_id":"CVE-2023-32627","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:07:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-32627"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T16:07:31Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html"},{"reference_url":"https://usn.ubuntu.com/6345-1/","reference_id":"USN-6345-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6345-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129281?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2023-32627"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpfr-t5a4-d7dz"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101145?format=json","vulnerability_id":"VCID-15f3-xk3k-gkbh","summary":"An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13590.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13590","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43886","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43956","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43964","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43939","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43905","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43915","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13590"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737764","reference_id":"1737764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737764"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932082","reference_id":"932082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932082"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129268?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-13590"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15f3-xk3k-gkbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101135?format=json","vulnerability_id":"VCID-25ps-6fev-u3d6","summary":"Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8145.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8145","reference_id":"","reference_type":"","scores":[{"value":"0.12998","scoring_system":"epss","scoring_elements":"0.9421","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12998","scoring_system":"epss","scoring_elements":"0.94219","published_at":"2026-06-05T12:55:00Z"},{"value":"0.12998","scoring_system":"epss","scoring_elements":"0.94221","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12998","scoring_system":"epss","scoring_elements":"0.94222","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12998","scoring_system":"epss","scoring_elements":"0.94228","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8145"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174792","reference_id":"1174792","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1174792"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720","reference_id":"773720","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773720"},{"reference_url":"https://security.gentoo.org/glsa/201612-30","reference_id":"GLSA-201612-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2014-8145"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-25ps-6fev-u3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101144?format=json","vulnerability_id":"VCID-5qpg-pppw-vbf3","summary":"SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010004.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010004","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64527","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.6457","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64579","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64557","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64575","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010004"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730577","reference_id":"1730577","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730577"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121","reference_id":"881121","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-1010004"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qpg-pppw-vbf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101150?format=json","vulnerability_id":"VCID-5yyr-1s4y-eyfs","summary":"A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3643.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3643.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3643","reference_id":"","reference_type":"","scores":[{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25939","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26042","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.26036","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.2599","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25933","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00093","scoring_system":"epss","scoring_elements":"0.25938","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010374","reference_id":"1010374","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980626","reference_id":"1980626","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980626"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-3643"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yyr-1s4y-eyfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101142?format=json","vulnerability_id":"VCID-7152-g4hw-eba9","summary":"In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15642.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15642.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15642","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67237","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67279","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67286","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67272","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15642"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510923","reference_id":"1510923","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510923"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882144","reference_id":"882144","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882144"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-15642"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7152-g4hw-eba9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3451?format=json","vulnerability_id":"VCID-72r1-wv3g-cuar","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33844.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33844","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27318","published_at":"2026-06-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27256","published_at":"2026-06-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27297","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27247","published_at":"2026-06-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27387","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27337","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021135","reference_id":"1021135","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021135"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975664","reference_id":"1975664","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975664"},{"reference_url":"https://security.archlinux.org/AVG-2100","reference_id":"AVG-2100","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2100"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"},{"reference_url":"https://usn.ubuntu.com/5904-2/","reference_id":"USN-5904-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129276?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-33844"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72r1-wv3g-cuar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101136?format=json","vulnerability_id":"VCID-7w4s-sb3x-97c6","summary":"The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11332.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11332.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11332","reference_id":"","reference_type":"","scores":[{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84165","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84188","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84192","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84175","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02044","scoring_system":"epss","scoring_elements":"0.84187","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11332"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480674","reference_id":"1480674","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480674"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328","reference_id":"870328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42398.txt","reference_id":"CVE-2017-11359;CVE-2017-11358;CVE-2017-11332","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/42398.txt"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-11332"],"risk_score":6.0,"exploitability":"2.0","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7w4s-sb3x-97c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101148?format=json","vulnerability_id":"VCID-9wt4-jujw-7ygz","summary":"An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8356.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8356.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8356","reference_id":"","reference_type":"","scores":[{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78969","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78995","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.79002","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01165","scoring_system":"epss","scoring_elements":"0.78992","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.8014","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01304","scoring_system":"epss","scoring_elements":"0.80119","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8356"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678295","reference_id":"1678295","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678295"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906","reference_id":"927906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906"},{"reference_url":"https://usn.ubuntu.com/4079-1/","reference_id":"USN-4079-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-1/"},{"reference_url":"https://usn.ubuntu.com/4079-2/","reference_id":"USN-4079-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129270?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-8356"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wt4-jujw-7ygz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101147?format=json","vulnerability_id":"VCID-ayd7-s8nw-k3et","summary":"An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8355.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8355.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8355","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69076","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69086","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69079","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69063","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.69083","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8355"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8355","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8355"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678288","reference_id":"1678288","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678288"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906","reference_id":"927906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906"},{"reference_url":"https://usn.ubuntu.com/4079-1/","reference_id":"USN-4079-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-1/"},{"reference_url":"https://usn.ubuntu.com/4079-2/","reference_id":"USN-4079-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129270?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-8355"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ayd7-s8nw-k3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101138?format=json","vulnerability_id":"VCID-aytt-yzu3-47cf","summary":"The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11359.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11359.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11359","reference_id":"","reference_type":"","scores":[{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86707","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86706","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86702","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86692","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02933","scoring_system":"epss","scoring_elements":"0.86704","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480676","reference_id":"1480676","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480676"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328","reference_id":"870328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-11359"],"risk_score":6.0,"exploitability":"2.0","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aytt-yzu3-47cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101137?format=json","vulnerability_id":"VCID-bnjj-79xe-fugq","summary":"The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11358.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11358.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11358","reference_id":"","reference_type":"","scores":[{"value":"0.0373","scoring_system":"epss","scoring_elements":"0.88198","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0373","scoring_system":"epss","scoring_elements":"0.88236","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0373","scoring_system":"epss","scoring_elements":"0.88221","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0373","scoring_system":"epss","scoring_elements":"0.8822","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0373","scoring_system":"epss","scoring_elements":"0.88218","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11358"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480675","reference_id":"1480675","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1480675"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328","reference_id":"870328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870328"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-11358"],"risk_score":6.0,"exploitability":"2.0","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnjj-79xe-fugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101141?format=json","vulnerability_id":"VCID-ds88-z64z-nuh6","summary":"There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15372.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15372","reference_id":"","reference_type":"","scores":[{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53582","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00299","scoring_system":"epss","scoring_elements":"0.53559","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64694","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64684","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64683","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64643","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15372"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510919","reference_id":"1510919","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878808","reference_id":"878808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878808"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-15372"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ds88-z64z-nuh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101143?format=json","vulnerability_id":"VCID-ftgv-9t61-augq","summary":"In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18189.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18189","reference_id":"","reference_type":"","scores":[{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90585","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90611","published_at":"2026-06-09T12:55:00Z"},{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90597","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90595","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90598","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05714","scoring_system":"epss","scoring_elements":"0.90599","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18189"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1545866","reference_id":"1545866","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1545866"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121","reference_id":"881121","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2283","reference_id":"RHSA-2019:2283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-18189"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftgv-9t61-augq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3452?format=json","vulnerability_id":"VCID-hc5a-a7ck-u7fx","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23210.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23210","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43681","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43712","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43737","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43751","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4376","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010374","reference_id":"1010374","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010374"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975670","reference_id":"1975670","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975670"},{"reference_url":"https://security.archlinux.org/AVG-2100","reference_id":"AVG-2100","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2100"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-23210"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hc5a-a7ck-u7fx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101134?format=json","vulnerability_id":"VCID-jctp-mhgk-5bbr","summary":"Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0557.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0557.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0557","reference_id":"","reference_type":"","scores":[{"value":"0.48546","scoring_system":"epss","scoring_elements":"0.97805","published_at":"2026-06-04T12:55:00Z"},{"value":"0.48546","scoring_system":"epss","scoring_elements":"0.97808","published_at":"2026-06-05T12:55:00Z"},{"value":"0.48546","scoring_system":"epss","scoring_elements":"0.9781","published_at":"2026-06-09T12:55:00Z"},{"value":"0.48546","scoring_system":"epss","scoring_elements":"0.97811","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0557"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0557","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0557"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617229","reference_id":"1617229","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617229"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=262083","reference_id":"262083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=262083"},{"reference_url":"https://security.gentoo.org/glsa/200407-23","reference_id":"GLSA-200407-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200407-23"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/369.pl","reference_id":"OSVDB-8267;CVE-2004-0557","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/369.pl"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/374.c","reference_id":"OSVDB-8267;CVE-2004-0557","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/374.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:409","reference_id":"RHSA-2004:409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129258?format=json","purl":"pkg:deb/debian/sox@12.17.4-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@12.17.4-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2004-0557"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jctp-mhgk-5bbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101154?format=json","vulnerability_id":"VCID-me3y-1xew-27bz","summary":"In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31651.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31651","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22478","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2255","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22501","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22455","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012516","reference_id":"1012516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091807","reference_id":"2091807","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091807"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129276?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2022-31651"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-me3y-1xew-27bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101149?format=json","vulnerability_id":"VCID-mkky-f8ay-1ufp","summary":"An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8357.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8357.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8357","reference_id":"","reference_type":"","scores":[{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72747","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72786","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72794","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72776","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72763","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00716","scoring_system":"epss","scoring_elements":"0.72788","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8357"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678297","reference_id":"1678297","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906","reference_id":"927906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906"},{"reference_url":"https://usn.ubuntu.com/4079-1/","reference_id":"USN-4079-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-1/"},{"reference_url":"https://usn.ubuntu.com/4079-2/","reference_id":"USN-4079-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129270?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-8357"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mkky-f8ay-1ufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3454?format=json","vulnerability_id":"VCID-n1qs-m8tk-t7aq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23159.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23159.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23159","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37952","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37993","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38015","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37981","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38043","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.38045","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021133","reference_id":"1021133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021133"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975671","reference_id":"1975671","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975671"},{"reference_url":"https://security.archlinux.org/AVG-2100","reference_id":"AVG-2100","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2100"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-23159"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n1qs-m8tk-t7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96450?format=json","vulnerability_id":"VCID-pdx4-384n-8kfz","summary":"sox: heap-buffer-overflow in src/hcom.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34318.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34318","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10189","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10236","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10152","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12926","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12923","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34318"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041111","reference_id":"1041111","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041111"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212283","reference_id":"2212283","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T16:11:54Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212283"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-34318","reference_id":"CVE-2023-34318","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T16:11:54Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-34318"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2023-34318"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdx4-384n-8kfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101140?format=json","vulnerability_id":"VCID-rzwd-r9ju-ckaj","summary":"There is a reachable assertion abort in the function sox_append_comment() in formats.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15371.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15371.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15371","reference_id":"","reference_type":"","scores":[{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49514","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49551","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49585","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49539","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0026","scoring_system":"epss","scoring_elements":"0.49575","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15371"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510918","reference_id":"1510918","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510918"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878809","reference_id":"878809","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878809"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-15371"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzwd-r9ju-ckaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101153?format=json","vulnerability_id":"VCID-sstg-18dk-d7bx","summary":"In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31650.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31650.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31650","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22478","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2255","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22501","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22451","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22455","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012516","reference_id":"1012516","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012516"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091804","reference_id":"2091804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091804"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129276?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2022-31650"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sstg-18dk-d7bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101146?format=json","vulnerability_id":"VCID-u31r-yfv6-kyh8","summary":"An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8354.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-8354.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8354","reference_id":"","reference_type":"","scores":[{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72831","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72868","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72875","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72858","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00805","scoring_system":"epss","scoring_elements":"0.7453","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00805","scoring_system":"epss","scoring_elements":"0.74503","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8354"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8354","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8354"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678284","reference_id":"1678284","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1678284"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906","reference_id":"927906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927906"},{"reference_url":"https://usn.ubuntu.com/4079-1/","reference_id":"USN-4079-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-1/"},{"reference_url":"https://usn.ubuntu.com/4079-2/","reference_id":"USN-4079-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4079-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129270?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2019-8354"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u31r-yfv6-kyh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101139?format=json","vulnerability_id":"VCID-v7dy-ma11-e7d3","summary":"There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15370.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15370","reference_id":"","reference_type":"","scores":[{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64643","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64691","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64694","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64683","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64672","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00463","scoring_system":"epss","scoring_elements":"0.64684","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15370"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510917","reference_id":"1510917","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510917"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878810","reference_id":"878810","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878810"},{"reference_url":"https://security.archlinux.org/AVG-610","reference_id":"AVG-610","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-610"},{"reference_url":"https://security.gentoo.org/glsa/201810-02","reference_id":"GLSA-201810-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201810-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129261?format=json","purl":"pkg:deb/debian/sox@14.4.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2017-15370"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7dy-ma11-e7d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96448?format=json","vulnerability_id":"VCID-x13m-aku9-9fe8","summary":"sox: floating point exception in src/aiff.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26590.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26590.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26590","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10032","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09998","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10054","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10098","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10114","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10083","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26590"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041113","reference_id":"1041113","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041113"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212279","reference_id":"2212279","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T15:55:18Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212279"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-26590","reference_id":"CVE-2023-26590","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-01T15:55:18Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-26590"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129276?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2023-26590"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x13m-aku9-9fe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96451?format=json","vulnerability_id":"VCID-ynex-x6gk-nyfx","summary":"sox: heap-buffer-overflow in src/formats_i.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34432.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34432","reference_id":"","reference_type":"","scores":[{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.111","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11168","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11088","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14225","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14222","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34432"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041110","reference_id":"1041110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212291","reference_id":"2212291","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T16:23:54Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2212291"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-34432","reference_id":"CVE-2023-34432","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-01T16:23:54Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-34432"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2023-34432"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ynex-x6gk-nyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/101151?format=json","vulnerability_id":"VCID-ypfc-hz6r-hqdz","summary":"A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40426.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40426","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68357","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68402","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68407","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68384","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012138","reference_id":"1012138","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012138"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091798","reference_id":"2091798","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2091798"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/02/03/3","reference_id":"3","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:26Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/02/03/3"},{"reference_url":"https://www.debian.org/security/2023/dsa-5356","reference_id":"dsa-5356","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:26Z/"}],"url":"https://www.debian.org/security/2023/dsa-5356"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:26Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00009.html"},{"reference_url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434","reference_id":"TALOS-2021-1434","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-15T18:20:26Z/"}],"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129276?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-40426"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypfc-hz6r-hqdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3453?format=json","vulnerability_id":"VCID-zsws-zb1q-kqcz","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23172.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23172","reference_id":"","reference_type":"","scores":[{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44756","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44792","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44811","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.4478","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44826","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00221","scoring_system":"epss","scoring_elements":"0.44832","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23159"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3643"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31650"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31651"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021134","reference_id":"1021134","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021134"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975666","reference_id":"1975666","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975666"},{"reference_url":"https://security.archlinux.org/AVG-2100","reference_id":"AVG-2100","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2100"},{"reference_url":"https://usn.ubuntu.com/5904-1/","reference_id":"USN-5904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/129274?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129259?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-2%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129273?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129257?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-3.5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fpfr-t5a4-d7dz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-3.5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/129260?format=json","purl":"pkg:deb/debian/sox@14.4.2%2Bgit20190427-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-5%3Fdistro=trixie"}],"aliases":["CVE-2021-23172"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zsws-zb1q-kqcz"}],"risk_score":"2.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/sox@14.4.2%252Bgit20190427-2%252Bdeb11u2%3Fdistro=trixie"}