{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","type":"deb","namespace":"debian","name":"mp3gain","version":"1.6.2-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93485?format=json","vulnerability_id":"VCID-19t5-h431-byfn","summary":"A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14407","reference_id":"","reference_type":"","scores":[{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64675","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64717","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64726","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64715","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64705","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64723","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14407"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14407"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19t5-h431-byfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93496?format=json","vulnerability_id":"VCID-2u6d-rjrx-xfhw","summary":"Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34085","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69585","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69593","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69583","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6957","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.6959","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-34085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34085"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2021-34085"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u6d-rjrx-xfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93482?format=json","vulnerability_id":"VCID-2wt4-n74f-4uae","summary":"The \"apetag.c\" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12911","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44425","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44495","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44503","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4448","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44445","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44457","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12911"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-12911"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wt4-n74f-4uae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93479?format=json","vulnerability_id":"VCID-858p-d89j-1fcf","summary":"Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0805","reference_id":"","reference_type":"","scores":[{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90705","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90718","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90715","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90713","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05835","scoring_system":"epss","scoring_elements":"0.90729","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0805"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2004-0805"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-858p-d89j-1fcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93483?format=json","vulnerability_id":"VCID-8uuq-9ujd-yyer","summary":"The \"mpglibDBL/layer3.c\" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12912","reference_id":"","reference_type":"","scores":[{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37262","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37353","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37359","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37326","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37288","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00165","scoring_system":"epss","scoring_elements":"0.37303","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12912","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12912"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-12912"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uuq-9ujd-yyer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93487?format=json","vulnerability_id":"VCID-dpeg-agrf-gkgc","summary":"A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14409","reference_id":"","reference_type":"","scores":[{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80557","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80583","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80585","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80582","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80578","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01371","scoring_system":"epss","scoring_elements":"0.80599","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14409"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14409","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14409"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14409"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dpeg-agrf-gkgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93486?format=json","vulnerability_id":"VCID-f32f-c4ba-qkgj","summary":"A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14408","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63256","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63299","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63307","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63296","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63283","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63301","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14408"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14408"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f32f-c4ba-qkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93488?format=json","vulnerability_id":"VCID-fmg6-p7y1-fugc","summary":"A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14410","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14410"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14410"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmg6-p7y1-fugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93484?format=json","vulnerability_id":"VCID-fp43-ugrv-wben","summary":"A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14406","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14406"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14406"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fp43-ugrv-wben"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93489?format=json","vulnerability_id":"VCID-gjk7-zcun-tbfw","summary":"A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14411","reference_id":"","reference_type":"","scores":[{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.7262","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72659","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72648","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0071","scoring_system":"epss","scoring_elements":"0.72635","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14411"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14411","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14411"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14411"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gjk7-zcun-tbfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93494?format=json","vulnerability_id":"VCID-k844-ctfp-zyb4","summary":"A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18359","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66502","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66507","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66515","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66499","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66485","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18359"},{"reference_url":"https://sourceforge.net/p/mp3gain/bugs/46/","reference_id":"46","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T14:51:25Z/"}],"url":"https://sourceforge.net/p/mp3gain/bugs/46/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973932","reference_id":"973932","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973932"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T14:51:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T14:51:25Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00030.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2019-18359"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k844-ctfp-zyb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93490?format=json","vulnerability_id":"VCID-n2b6-f3b4-efdt","summary":"An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14412","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40486","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40566","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40568","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4054","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4051","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40524","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14412"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2017-14412"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2b6-f3b4-efdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93481?format=json","vulnerability_id":"VCID-pb63-c6sn-dqfm","summary":"Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3.  NOTE: this issue might be related to CVE-2004-0991, but it is not clear.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1655","reference_id":"","reference_type":"","scores":[{"value":"0.00999","scoring_system":"epss","scoring_elements":"0.77322","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00999","scoring_system":"epss","scoring_elements":"0.77351","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00999","scoring_system":"epss","scoring_elements":"0.77361","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00999","scoring_system":"epss","scoring_elements":"0.77341","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00999","scoring_system":"epss","scoring_elements":"0.77362","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1655","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1655"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361863","reference_id":"361863","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361863"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2006-1655"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb63-c6sn-dqfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93491?format=json","vulnerability_id":"VCID-pms5-dtrm-53ck","summary":"The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10776","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.512","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51268","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51237","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2018-10776"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pms5-dtrm-53ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93478?format=json","vulnerability_id":"VCID-tbjb-2963-hue7","summary":"mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0577","reference_id":"","reference_type":"","scores":[{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90158","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90157","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90155","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90154","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05245","scoring_system":"epss","scoring_elements":"0.90169","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0577"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0577","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2003-0577"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbjb-2963-hue7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93493?format=json","vulnerability_id":"VCID-ugf1-8y11-87hf","summary":"Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10778","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.512","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51262","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51268","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51237","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10778"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2018-10778"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugf1-8y11-87hf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93497?format=json","vulnerability_id":"VCID-x282-dpn9-3kgd","summary":"A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49356","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38448","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38391","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38402","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38444","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3842","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49356"},{"reference_url":"https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md","reference_id":"CVE-2023-49356.md","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-03T19:10:30Z/"}],"url":"https://github.com/linzc21/bug-reports/blob/main/reports/mp3gain/1.6.2/stack-buffer-overflow/CVE-2023-49356.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2023-49356"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x282-dpn9-3kgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93492?format=json","vulnerability_id":"VCID-z9nt-9hf9-7qcr","summary":"Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10777","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53671","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53729","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53738","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53725","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53702","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53724","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973932","reference_id":"973932","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973932"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2018-10777"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z9nt-9hf9-7qcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93480?format=json","vulnerability_id":"VCID-zfpw-4qs9-nudb","summary":"Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0991","reference_id":"","reference_type":"","scores":[{"value":"0.05027","scoring_system":"epss","scoring_elements":"0.8991","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05027","scoring_system":"epss","scoring_elements":"0.89926","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05027","scoring_system":"epss","scoring_elements":"0.89923","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05027","scoring_system":"epss","scoring_elements":"0.89938","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0991"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0991","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0991"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517877?format=json","purl":"pkg:deb/debian/mp3gain@1.6.2-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}],"aliases":["CVE-2004-0991"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zfpw-4qs9-nudb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mp3gain@1.6.2-2"}