{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","type":"deb","namespace":"debian","name":"faad2","version":"2.8.1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.8.8-2","latest_non_vulnerable_version":"2.11.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93378?format=json","vulnerability_id":"VCID-137n-d6bn-pucd","summary":"The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9255","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9255"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-137n-d6bn-pucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93371?format=json","vulnerability_id":"VCID-2qkx-5mua-qbfh","summary":"The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9219"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qkx-5mua-qbfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93379?format=json","vulnerability_id":"VCID-53bt-akgh-nkb8","summary":"The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9256","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9256"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9256"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-53bt-akgh-nkb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93380?format=json","vulnerability_id":"VCID-8rem-57bh-tffv","summary":"The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9257","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9257"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9257"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rem-57bh-tffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93376?format=json","vulnerability_id":"VCID-b2jx-kqkj-t7a3","summary":"The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9253","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9253"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9253"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b2jx-kqkj-t7a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93373?format=json","vulnerability_id":"VCID-chcg-rgqj-53bz","summary":"The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9221","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9221"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-chcg-rgqj-53bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93370?format=json","vulnerability_id":"VCID-g81z-k4p8-kkfy","summary":"The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9218","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9218"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9218"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g81z-k4p8-kkfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93375?format=json","vulnerability_id":"VCID-hdpz-xtwf-pucb","summary":"The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9223","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9223"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hdpz-xtwf-pucb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93377?format=json","vulnerability_id":"VCID-he5k-ga6q-tqch","summary":"The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9254","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9254"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9254"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-he5k-ga6q-tqch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93374?format=json","vulnerability_id":"VCID-rjqt-nghm-euab","summary":"The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9222","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49144","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49173","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49179","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49176","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49193","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49218","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49216","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49186","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49185","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49142","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjqt-nghm-euab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93372?format=json","vulnerability_id":"VCID-vbv2-cdkz-7qe8","summary":"The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error) via a crafted mp4 file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9220","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbv2-cdkz-7qe8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"}