{"url":"http://public2.vulnerablecode.io/api/packages/87934?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-5?distro=trixie","type":"deb","namespace":"debian","name":"alsaplayer","version":"0.99.82-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58563?format=json","vulnerability_id":"VCID-79us-fft5-efdd","summary":"Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1896","reference_id":"","reference_type":"","scores":[{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71417","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71461","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71468","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71444","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71428","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00657","scoring_system":"epss","scoring_elements":"0.71452","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1896"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/21814.c","reference_id":"CVE-2002-1896;OSVDB-59890","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/21814.c"},{"reference_url":"https://www.securityfocus.com/bid/5767/info","reference_id":"CVE-2002-1896;OSVDB-59890","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/5767/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87933?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.72-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.72-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87932?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.81-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.81-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87935?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87934?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-5%3Fdistro=trixie"}],"aliases":["CVE-2002-1896"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79us-fft5-efdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58564?format=json","vulnerability_id":"VCID-ghe1-gthc-mqa8","summary":"Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4089","reference_id":"","reference_type":"","scores":[{"value":"0.24803","scoring_system":"epss","scoring_elements":"0.96254","published_at":"2026-06-04T12:55:00Z"},{"value":"0.24803","scoring_system":"epss","scoring_elements":"0.96259","published_at":"2026-06-05T12:55:00Z"},{"value":"0.24803","scoring_system":"epss","scoring_elements":"0.96262","published_at":"2026-06-08T12:55:00Z"},{"value":"0.24803","scoring_system":"epss","scoring_elements":"0.96268","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4089"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382842","reference_id":"382842","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382842"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/28367.txt","reference_id":"CVE-2006-4089;OSVDB-27883","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/28367.txt"},{"reference_url":"https://www.securityfocus.com/bid/19450/info","reference_id":"CVE-2006-4089;OSVDB-27883","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/19450/info"},{"reference_url":"https://security.gentoo.org/glsa/200608-24","reference_id":"GLSA-200608-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200608-24"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87936?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.76-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.76-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87932?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.81-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.81-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87935?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87934?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-5%3Fdistro=trixie"}],"aliases":["CVE-2006-4089"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghe1-gthc-mqa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58565?format=json","vulnerability_id":"VCID-pa1n-e38k-dkf4","summary":"Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5301","reference_id":"","reference_type":"","scores":[{"value":"0.4422","scoring_system":"epss","scoring_elements":"0.97618","published_at":"2026-06-04T12:55:00Z"},{"value":"0.4422","scoring_system":"epss","scoring_elements":"0.97622","published_at":"2026-06-05T12:55:00Z"},{"value":"0.4422","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-06-08T12:55:00Z"},{"value":"0.4422","scoring_system":"epss","scoring_elements":"0.97623","published_at":"2026-06-07T12:55:00Z"},{"value":"0.4422","scoring_system":"epss","scoring_elements":"0.97625","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5301"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446034","reference_id":"446034","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446034"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/5424.txt","reference_id":"CVE-2007-5301","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/5424.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30648.txt","reference_id":"CVE-2007-5301;OSVDB-41643","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/30648.txt"},{"reference_url":"https://www.securityfocus.com/bid/25969/info","reference_id":"CVE-2007-5301;OSVDB-41643","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/25969/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/87937?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.80~rc4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.80~rc4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87932?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.81-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.81-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87935?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/87934?format=json","purl":"pkg:deb/debian/alsaplayer@0.99.82-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-5%3Fdistro=trixie"}],"aliases":["CVE-2007-5301"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa1n-e38k-dkf4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/alsaplayer@0.99.82-5%3Fdistro=trixie"}