{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","type":"deb","namespace":"debian","name":"wavpack","version":"5.6.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.8.1-1","latest_non_vulnerable_version":"5.9.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104200?format=json","vulnerability_id":"VCID-12pr-d8sj-n3e8","summary":"An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10539.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10539.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10539","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59445","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5949","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5947","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59488","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574729","reference_id":"1574729","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574729"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271","reference_id":"897271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271"},{"reference_url":"https://usn.ubuntu.com/3637-1/","reference_id":"USN-3637-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3637-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10539"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12pr-d8sj-n3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104204?format=json","vulnerability_id":"VCID-3fbc-bmeh-nyhj","summary":"The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19841.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19841","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.6909","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.6913","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69139","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69132","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69117","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69136","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19841"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661449","reference_id":"1661449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915565","reference_id":"915565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915565"},{"reference_url":"https://security.gentoo.org/glsa/202007-19","reference_id":"GLSA-202007-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/3839-1/","reference_id":"USN-3839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134177?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19841"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fbc-bmeh-nyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104198?format=json","vulnerability_id":"VCID-4epw-cgky-k3cf","summary":"An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser component contains a vulnerability that allows writing to memory because ParseWave64HeaderConfig in wave64.c does not reject multiple format chunks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10537.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10537.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10537","reference_id":"","reference_type":"","scores":[{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72095","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72136","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72143","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72122","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00686","scoring_system":"epss","scoring_elements":"0.72133","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574726","reference_id":"1574726","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574726"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271","reference_id":"897271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271"},{"reference_url":"https://usn.ubuntu.com/3637-1/","reference_id":"USN-3637-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3637-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10537"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4epw-cgky-k3cf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104205?format=json","vulnerability_id":"VCID-5p9r-nx3m-7uc4","summary":"WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010315.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010315.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010315","reference_id":"","reference_type":"","scores":[{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74686","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74691","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74678","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74661","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74687","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010315"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729418","reference_id":"1729418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1729418"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/4062-1/","reference_id":"USN-4062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134178?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-1010315"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5p9r-nx3m-7uc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104210?format=json","vulnerability_id":"VCID-633b-86de-nbgr","summary":"An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44269.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44269.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44269","reference_id":"","reference_type":"","scores":[{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61804","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61853","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61862","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61835","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00412","scoring_system":"epss","scoring_elements":"0.61852","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44269"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064457","reference_id":"2064457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064457"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7558","reference_id":"RHSA-2022:7558","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7558"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8139","reference_id":"RHSA-2022:8139","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134181?format=json","purl":"pkg:deb/debian/wavpack@5.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2021-44269"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-633b-86de-nbgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104194?format=json","vulnerability_id":"VCID-6v71-q7hb-4qca","summary":"The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10170.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10170","reference_id":"","reference_type":"","scores":[{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62717","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62762","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62761","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62771","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00427","scoring_system":"epss","scoring_elements":"0.62747","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10170"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417851","reference_id":"1417851","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417851"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076","reference_id":"853076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134170?format=json","purl":"pkg:deb/debian/wavpack@5.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10170"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6v71-q7hb-4qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104201?format=json","vulnerability_id":"VCID-93cy-23tm-fbcv","summary":"An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10540.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10540.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10540","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59445","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5949","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5947","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59488","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10540"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574731","reference_id":"1574731","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574731"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271","reference_id":"897271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271"},{"reference_url":"https://usn.ubuntu.com/3637-1/","reference_id":"USN-3637-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3637-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10540"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93cy-23tm-fbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104206?format=json","vulnerability_id":"VCID-f1v5-pd99-y3eb","summary":"WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010317.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010317","reference_id":"","reference_type":"","scores":[{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80851","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80845","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80864","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010317"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737747","reference_id":"1737747","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737747"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932060","reference_id":"932060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932060"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/4062-1/","reference_id":"USN-4062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134179?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-1010317"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f1v5-pd99-y3eb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6324?format=json","vulnerability_id":"VCID-f2jb-h4bw-mqe2","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7253.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7253.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7253","reference_id":"","reference_type":"","scores":[{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75728","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75725","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75715","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.757","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75727","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547719","reference_id":"1547719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547719"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559","reference_id":"889559","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889559"},{"reference_url":"https://security.archlinux.org/ASA-201802-12","reference_id":"ASA-201802-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-12"},{"reference_url":"https://security.archlinux.org/ASA-201802-13","reference_id":"ASA-201802-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-13"},{"reference_url":"https://security.archlinux.org/AVG-631","reference_id":"AVG-631","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-631"},{"reference_url":"https://security.archlinux.org/AVG-634","reference_id":"AVG-634","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-634"},{"reference_url":"https://usn.ubuntu.com/3578-1/","reference_id":"USN-3578-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3578-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-7253"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2jb-h4bw-mqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104196?format=json","vulnerability_id":"VCID-fa8r-pn8b-7khs","summary":"The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10172.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10172","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4493","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44937","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44916","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44887","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44898","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10172"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417853","reference_id":"1417853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417853"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076","reference_id":"853076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134170?format=json","purl":"pkg:deb/debian/wavpack@5.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10172"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fa8r-pn8b-7khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102335?format=json","vulnerability_id":"VCID-ffzt-cz3e-bygu","summary":"wavpack: null pointer dereference in main() in cli/wvunpack.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2476.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2476","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0866","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08699","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08714","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08694","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08646","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08684","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2476"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015790","reference_id":"1015790","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015790"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2110455","reference_id":"2110455","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2110455"},{"reference_url":"https://usn.ubuntu.com/5721-1/","reference_id":"USN-5721-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5721-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134181?format=json","purl":"pkg:deb/debian/wavpack@5.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2022-2476"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffzt-cz3e-bygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6323?format=json","vulnerability_id":"VCID-fxwt-3qvx-xucv","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7254.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-7254.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7254","reference_id":"","reference_type":"","scores":[{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-06-09T12:55:00Z"},{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.95568","published_at":"2026-06-06T12:55:00Z"},{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.9557","published_at":"2026-06-07T12:55:00Z"},{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.95571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.95557","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19758","scoring_system":"epss","scoring_elements":"0.95565","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547735","reference_id":"1547735","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1547735"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274","reference_id":"889274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274"},{"reference_url":"https://security.archlinux.org/ASA-201802-12","reference_id":"ASA-201802-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-12"},{"reference_url":"https://security.archlinux.org/ASA-201802-13","reference_id":"ASA-201802-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-13"},{"reference_url":"https://security.archlinux.org/AVG-631","reference_id":"AVG-631","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-631"},{"reference_url":"https://security.archlinux.org/AVG-634","reference_id":"AVG-634","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-634"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44154.py","reference_id":"CVE-2018-7254","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44154.py"},{"reference_url":"https://usn.ubuntu.com/3578-1/","reference_id":"USN-3578-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3578-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-7254"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxwt-3qvx-xucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104197?format=json","vulnerability_id":"VCID-grw6-get7-4fg8","summary":"An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10536.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10536.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10536","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76857","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7689","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76898","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76886","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76876","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76897","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574719","reference_id":"1574719","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574719"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271","reference_id":"897271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271"},{"reference_url":"https://usn.ubuntu.com/3637-1/","reference_id":"USN-3637-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3637-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10536"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-grw6-get7-4fg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104193?format=json","vulnerability_id":"VCID-hmnv-xck1-d7hx","summary":"The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10169.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10169","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63193","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63237","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63245","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63235","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63221","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63239","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10169"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10169"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417850","reference_id":"1417850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417850"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076","reference_id":"853076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076"},{"reference_url":"https://usn.ubuntu.com/3568-1/","reference_id":"USN-3568-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3568-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134170?format=json","purl":"pkg:deb/debian/wavpack@5.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10169"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hmnv-xck1-d7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104203?format=json","vulnerability_id":"VCID-km3a-3jhc-d7ch","summary":"The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19840.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19840","reference_id":"","reference_type":"","scores":[{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6651","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.6655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66558","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66543","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66529","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66546","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661448","reference_id":"1661448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661448"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915564","reference_id":"915564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915564"},{"reference_url":"https://security.gentoo.org/glsa/202007-19","reference_id":"GLSA-202007-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/3839-1/","reference_id":"USN-3839-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3839-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134177?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19840"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-km3a-3jhc-d7ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104195?format=json","vulnerability_id":"VCID-kz91-79an-87dn","summary":"The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10171.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10171","reference_id":"","reference_type":"","scores":[{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.4493","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44937","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44916","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44887","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00222","scoring_system":"epss","scoring_elements":"0.44898","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-10171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10171"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417852","reference_id":"1417852","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417852"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076","reference_id":"853076","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853076"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134170?format=json","purl":"pkg:deb/debian/wavpack@5.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2016-10171"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kz91-79an-87dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104199?format=json","vulnerability_id":"VCID-pp4w-58m7-ykdz","summary":"An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10538.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10538.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10538","reference_id":"","reference_type":"","scores":[{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70337","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70346","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70316","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00616","scoring_system":"epss","scoring_elements":"0.70339","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10538"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10539"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10540"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574728","reference_id":"1574728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1574728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271","reference_id":"897271","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897271"},{"reference_url":"https://usn.ubuntu.com/3637-1/","reference_id":"USN-3637-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3637-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-10538"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pp4w-58m7-ykdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104207?format=json","vulnerability_id":"VCID-ss5j-h9wy-zbac","summary":"WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010319.json","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010319.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010319","reference_id":"","reference_type":"","scores":[{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80823","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80849","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80864","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80851","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01408","scoring_system":"epss","scoring_elements":"0.80845","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010319"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010319","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010319"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737740","reference_id":"1737740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1737740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932061","reference_id":"932061","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932061"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/4062-1/","reference_id":"USN-4062-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4062-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134179?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-1010319"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss5j-h9wy-zbac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104209?format=json","vulnerability_id":"VCID-tjgn-by8a-3ucv","summary":"WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later \"unofficial\" releases through 5.3.2, which are also affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35738.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35738","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57817","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57871","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57868","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57855","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.5787","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57879","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35738"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911324","reference_id":"1911324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1911324"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978548","reference_id":"978548","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978548"},{"reference_url":"https://security.archlinux.org/ASA-202101-23","reference_id":"ASA-202101-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-23"},{"reference_url":"https://security.archlinux.org/AVG-1387","reference_id":"AVG-1387","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1387"},{"reference_url":"https://usn.ubuntu.com/4682-1/","reference_id":"USN-4682-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4682-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134180?format=json","purl":"pkg:deb/debian/wavpack@5.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.3.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-35738"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjgn-by8a-3ucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104208?format=json","vulnerability_id":"VCID-v3fb-4rbx-ukcj","summary":"WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a \"Conditional jump or move depends on uninitialised value\" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11498.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11498","reference_id":"","reference_type":"","scores":[{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87691","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87713","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87714","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03433","scoring_system":"epss","scoring_elements":"0.87725","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11498"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1704633","reference_id":"1704633","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1704633"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927903","reference_id":"927903","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927903"},{"reference_url":"https://security.gentoo.org/glsa/202007-19","reference_id":"GLSA-202007-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1581","reference_id":"RHSA-2020:1581","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1581"},{"reference_url":"https://usn.ubuntu.com/3960-1/","reference_id":"USN-3960-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3960-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134178?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2019-11498"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v3fb-4rbx-ukcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6325?format=json","vulnerability_id":"VCID-yce7-suv5-rbb1","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6767.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6767","reference_id":"","reference_type":"","scores":[{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75728","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75715","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.757","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75727","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00879","scoring_system":"epss","scoring_elements":"0.75725","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7254"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542550","reference_id":"1542550","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542550"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276","reference_id":"889276","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889276"},{"reference_url":"https://security.archlinux.org/ASA-201802-12","reference_id":"ASA-201802-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-12"},{"reference_url":"https://security.archlinux.org/ASA-201802-13","reference_id":"ASA-201802-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-13"},{"reference_url":"https://security.archlinux.org/AVG-631","reference_id":"AVG-631","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-631"},{"reference_url":"https://security.archlinux.org/AVG-634","reference_id":"AVG-634","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-634"},{"reference_url":"https://usn.ubuntu.com/3568-1/","reference_id":"USN-3568-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3568-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/134174?format=json","purl":"pkg:deb/debian/wavpack@5.1.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.1.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134171?format=json","purl":"pkg:deb/debian/wavpack@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-633b-86de-nbgr"},{"vulnerability":"VCID-ffzt-cz3e-bygu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134169?format=json","purl":"pkg:deb/debian/wavpack@5.6.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134173?format=json","purl":"pkg:deb/debian/wavpack@5.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/134172?format=json","purl":"pkg:deb/debian/wavpack@5.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.9.0-1%3Fdistro=trixie"}],"aliases":["CVE-2018-6767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yce7-suv5-rbb1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/wavpack@5.6.0-1%3Fdistro=trixie"}