{"url":"http://public2.vulnerablecode.io/api/packages/4639?format=json","purl":"pkg:deb/debian/libvorbis@1.2.0.dfsg-3.1%2Blenny1","type":"deb","namespace":"debian","name":"libvorbis","version":"1.2.0.dfsg-3.1+lenny1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.6-2","latest_non_vulnerable_version":"1.3.6-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4309?format=json","vulnerability_id":"VCID-1ntd-28nj-cuex","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633"},{"reference_url":"https://security.archlinux.org/ASA-201803-12","reference_id":"ASA-201803-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-12"},{"reference_url":"https://security.archlinux.org/ASA-201803-21","reference_id":"ASA-201803-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-21"},{"reference_url":"https://security.archlinux.org/AVG-367","reference_id":"AVG-367","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-367"},{"reference_url":"https://security.archlinux.org/AVG-658","reference_id":"AVG-658","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-658"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4928?format=json","purl":"pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5892?format=json","purl":"pkg:deb/debian/libvorbis@1.3.6-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2"}],"aliases":["CVE-2017-14632"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ntd-28nj-cuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4410?format=json","vulnerability_id":"VCID-6dfq-gbf6-7fc7","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633"},{"reference_url":"https://security.archlinux.org/ASA-201803-12","reference_id":"ASA-201803-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-12"},{"reference_url":"https://security.archlinux.org/AVG-367","reference_id":"AVG-367","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-367"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4928?format=json","purl":"pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5892?format=json","purl":"pkg:deb/debian/libvorbis@1.3.6-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2"}],"aliases":["CVE-2017-11333"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6dfq-gbf6-7fc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2630?format=json","vulnerability_id":"VCID-j8zw-dg26-hfbe","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379","reference_id":"CVE-2009-3379","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4640?format=json","purl":"pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-nbbh-ws5y-3uh4"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1"}],"aliases":["CVE-2009-3379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2633?format=json","vulnerability_id":"VCID-k4pn-yxd9-h3ad","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues.Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663","reference_id":"CVE-2009-2663","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4640?format=json","purl":"pkg:deb/debian/libvorbis@1.3.1-1%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-nbbh-ws5y-3uh4"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.1-1%252Bsqueeze1"}],"aliases":["CVE-2009-2663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4pn-yxd9-h3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4308?format=json","vulnerability_id":"VCID-kad4-b6ez-y3dx","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633"},{"reference_url":"https://security.archlinux.org/ASA-201803-12","reference_id":"ASA-201803-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-12"},{"reference_url":"https://security.archlinux.org/ASA-201803-21","reference_id":"ASA-201803-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-21"},{"reference_url":"https://security.archlinux.org/AVG-367","reference_id":"AVG-367","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-367"},{"reference_url":"https://security.archlinux.org/AVG-658","reference_id":"AVG-658","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-658"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4928?format=json","purl":"pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5892?format=json","purl":"pkg:deb/debian/libvorbis@1.3.6-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2"}],"aliases":["CVE-2017-14633"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kad4-b6ez-y3dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=json","vulnerability_id":"VCID-nbbh-ws5y-3uh4","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. This can cause a crash during decoding and has\nthe potential for remote code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444","reference_id":"CVE-2012-0444","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07","reference_id":"mfsa2012-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4641?format=json","purl":"pkg:deb/debian/libvorbis@1.3.2-1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.2-1.3"}],"aliases":["CVE-2012-0444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1478?format=json","vulnerability_id":"VCID-yw14-7xmq-g3e6","summary":"An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146"},{"reference_url":"https://security.archlinux.org/ASA-201803-12","reference_id":"ASA-201803-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-12"},{"reference_url":"https://security.archlinux.org/ASA-201803-13","reference_id":"ASA-201803-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-13"},{"reference_url":"https://security.archlinux.org/ASA-201803-21","reference_id":"ASA-201803-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-21"},{"reference_url":"https://security.archlinux.org/ASA-201803-22","reference_id":"ASA-201803-22","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-22"},{"reference_url":"https://security.archlinux.org/AVG-367","reference_id":"AVG-367","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-367"},{"reference_url":"https://security.archlinux.org/AVG-657","reference_id":"AVG-657","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-657"},{"reference_url":"https://security.archlinux.org/AVG-658","reference_id":"AVG-658","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-658"},{"reference_url":"https://security.archlinux.org/AVG-663","reference_id":"AVG-663","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-663"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-08","reference_id":"mfsa2018-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09","reference_id":"mfsa2018-09","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4643?format=json","purl":"pkg:deb/debian/libvorbis@1.3.4-2%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.4-2%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4928?format=json","purl":"pkg:deb/debian/libvorbis@1.3.5-4%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ntd-28nj-cuex"},{"vulnerability":"VCID-6dfq-gbf6-7fc7"},{"vulnerability":"VCID-kad4-b6ez-y3dx"},{"vulnerability":"VCID-yw14-7xmq-g3e6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.5-4%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5892?format=json","purl":"pkg:deb/debian/libvorbis@1.3.6-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.3.6-2"}],"aliases":["CVE-2018-5146"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yw14-7xmq-g3e6"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbis@1.2.0.dfsg-3.1%252Blenny1"}