{"url":"http://public2.vulnerablecode.io/api/packages/4778?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn14261-1","type":"deb","namespace":"debian","name":"libvorbisidec","version":"1.0.2+svn14261-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.1+git20180316-3","latest_non_vulnerable_version":"1.2.1+git20180316-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1479?format=json","vulnerability_id":"VCID-dn6k-uzwy-8fbj","summary":"The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.*Update: The 52.7.2 source release accidentally did not include this patch (the Mozilla-produced 52.7.2 binaries are fine). Anyone building 52.7.2 on ARM should use revision 5cd5586a2f48424a9031a3fa4c782954a9df9a52 instead of the released source.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5147"},{"reference_url":"https://security.archlinux.org/AVG-659","reference_id":"AVG-659","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-659"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-08","reference_id":"mfsa2018-08","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2018-08"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4781?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1~deb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dn6k-uzwy-8fbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2
%252Bsvn18153-1~deb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5112?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dn6k-uzwy-8fbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/6164?format=json","purl":"pkg:deb/debian/libvorbisidec@1.2.1%2Bgit20180316-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.2.1%252Bgit20180316-3"}],"aliases":["CVE-2018-5147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dn6k-uzwy-8fbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2630?format=json","vulnerability_id":"VCID-j8zw-dg26-hfbe","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  
liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues. Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379","reference_id":"CVE-2009-3379","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3379"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4780?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dn6k-uzwy-8fbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-0.2"}],"aliases":["CVE-2009-3379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zw-dg26-hfbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2633?format=json","vulnerability_id":"VCID-k4pn-yxd9-h3ad","summary":"Mozilla upgraded several third party libraries used in media\nrendering to address multiple memory safety and stability bugs\nidentified by members of the Mozilla community.  Some of the bugs\ndiscovered could potentially be used by an attacker to crash a\nvictim's browser and execute arbitrary code on their\ncomputer.  
liboggz, libvorbis,\nand liboggplay were all upgraded to address these\nissues. Audio and video capabilities were added in Firefox 3.5\nso prior releases of Firefox were not affected.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663","reference_id":"CVE-2009-2663","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2663"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45","reference_id":"mfsa2009-45","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-45"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63","reference_id":"mfsa2009-63","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2009-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4779?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn16259-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dn6k-uzwy-8fbj"},{"vulnerability":"VCID-j8zw-dg26-hfbe"},{"vulnerability":"VCID-nbbh-ws5y-3uh4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn16259-2"}],"aliases":["CVE-2009-2663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4pn-yxd9-h3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2326?format=json","vulnerability_id":"VCID-nbbh-ws5y-3uh4","summary":"Security researcher regenrecht reported via\nTippingPoint's Zero Day Initiative the possibility of memory corruption during\nthe decoding of Ogg Vorbis files. 
This can cause a crash during decoding and has\nthe potential for remote code execution.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444","reference_id":"CVE-2012-0444","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07","reference_id":"mfsa2012-07","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4780?format=json","purl":"pkg:deb/debian/libvorbisidec@1.0.2%2Bsvn18153-0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dn6k-uzwy-8fbj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn18153-0.2"}],"aliases":["CVE-2012-0444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbbh-ws5y-3uh4"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libvorbisidec@1.0.2%252Bsvn14261-1"}