{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","type":"deb","namespace":"debian","name":"faad2","version":"2.11.2-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4999?format=json","vulnerability_id":"VCID-28rc-7jzb-vuff","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20360","reference_id":"","reference_type":"","scores":[{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65415","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65354","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65405","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65404","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00479","scoring_system":"epss","scoring_elements":"0.65395","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2660","reference_id":"AVG-2660","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2660"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93996?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20360"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28rc-7jzb-vuff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5001?format=json","vulnerability_id":"VCID-2geh-6kz7-fyba","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20196","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58188","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58238","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58246","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58235","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.5822","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2660","reference_id":"AVG-2660","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2660"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93996?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20196"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2geh-6kz7-fyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7162?format=json","vulnerability_id":"VCID-3ptn-j5eg-eya5","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32273","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3499","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34878","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34975","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34939","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34954","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34917","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32273"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ptn-j5eg-eya5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67112?format=json","vulnerability_id":"VCID-3s3w-xc9p-gbf4","summary":"A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20198","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43691","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43761","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43771","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43747","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43712","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43722","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20198"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3s3w-xc9p-gbf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67120?format=json","vulnerability_id":"VCID-547c-mrb3-qkgb","summary":"An invalid memory address dereference was discovered in the hf_assembly function of libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20361","reference_id":"","reference_type":"","scores":[{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55655","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55712","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55717","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55686","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00323","scoring_system":"epss","scoring_elements":"0.55706","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20361"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-547c-mrb3-qkgb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67119?format=json","vulnerability_id":"VCID-651y-jrxh-v7b6","summary":"An invalid memory address dereference was discovered in the sbrDecodeSingleFramePS function of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20359","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40629","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20359"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-651y-jrxh-v7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4998?format=json","vulnerability_id":"VCID-6jc1-vjk9-ukep","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6956","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.5696","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56901","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56952","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56951","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56948","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.56933","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641","reference_id":"914641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641"},{"reference_url":"https://security.archlinux.org/AVG-2660","reference_id":"AVG-2660","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2660"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93996?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2019-6956"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jc1-vjk9-ukep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6527?format=json","vulnerability_id":"VCID-77a4-7aw5-kqem","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9221","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9221"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9221","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9221"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-77a4-7aw5-kqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67108?format=json","vulnerability_id":"VCID-a8u1-tfjx-xkh2","summary":"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19504","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54308","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54365","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54374","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54363","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54341","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641","reference_id":"914641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19504"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8u1-tfjx-xkh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6528?format=json","vulnerability_id":"VCID-bypv-8x3f-z3bt","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9220","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bypv-8x3f-z3bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7161?format=json","vulnerability_id":"VCID-d7nr-zqb9-73fm","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32274","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44312","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44235","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44262","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44287","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4425","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32274"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7nr-zqb9-73fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7158?format=json","vulnerability_id":"VCID-ecd5-pnue-yub4","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32278","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44312","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44235","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44303","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44262","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44287","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.4425","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32278"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecd5-pnue-yub4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67127?format=json","vulnerability_id":"VCID-ekb4-17ht-v3e2","summary":"Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38857","reference_id":"","reference_type":"","scores":[{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60131","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60101","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60119","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60127","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00386","scoring_system":"epss","scoring_elements":"0.60118","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38857"},{"reference_url":"https://github.com/knik0/faad2/issues/171","reference_id":"171","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:38:32Z/"}],"url":"https://github.com/knik0/faad2/issues/171"},{"reference_url":"https://security.gentoo.org/glsa/202401-13","reference_id":"GLSA-202401-13","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T21:38:32Z/"}],"url":"https://security.gentoo.org/glsa/202401-13"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94000?format=json","purl":"pkg:deb/debian/faad2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2023-38857"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekb4-17ht-v3e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67110?format=json","vulnerability_id":"VCID-enb2-4nwv-q3fp","summary":"A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20195","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40629","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20195"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enb2-4nwv-q3fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6524?format=json","vulnerability_id":"VCID-g25u-eg76-u3hq","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9253","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9253"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9253"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9253"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g25u-eg76-u3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6523?format=json","vulnerability_id":"VCID-g7zr-wdfm-77cj","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9254","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9254"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9254"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g7zr-wdfm-77cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67111?format=json","vulnerability_id":"VCID-gdst-tqgu-y3gk","summary":"There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20197","reference_id":"","reference_type":"","scores":[{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48715","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48724","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48705","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48676","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00251","scoring_system":"epss","scoring_elements":"0.48691","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20197"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdst-tqgu-y3gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67116?format=json","vulnerability_id":"VCID-gj64-4nn1-gugw","summary":"An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20358","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40629","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20358"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gj64-4nn1-gugw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67104?format=json","vulnerability_id":"VCID-gr2r-45ad-f3gr","summary":"Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4201","reference_id":"","reference_type":"","scores":[{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91302","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91311","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91308","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0655","scoring_system":"epss","scoring_elements":"0.91323","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-4201"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899","reference_id":"499899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899"},{"reference_url":"https://security.gentoo.org/glsa/200811-03","reference_id":"GLSA-200811-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200811-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93981?format=json","purl":"pkg:deb/debian/faad2@2.6.1-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.6.1-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2008-4201"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gr2r-45ad-f3gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6525?format=json","vulnerability_id":"VCID-juzd-ktm6-qbge","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9223","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9223"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-juzd-ktm6-qbge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67121?format=json","vulnerability_id":"VCID-mk92-7v4p-jbc3","summary":"A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash because adding to windowed output is mishandled in the EIGHT_SHORT_SEQUENCE case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20362","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56155","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56209","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56215","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56203","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56186","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56206","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20362"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mk92-7v4p-jbc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67128?format=json","vulnerability_id":"VCID-mmzt-hgyn-nyef","summary":"Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38858","reference_id":"","reference_type":"","scores":[{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.7468","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74686","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74673","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74656","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00815","scoring_system":"epss","scoring_elements":"0.74682","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38858"},{"reference_url":"https://security.gentoo.org/glsa/202401-13","reference_id":"GLSA-202401-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202401-13"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94000?format=json","purl":"pkg:deb/debian/faad2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2023-38858"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmzt-hgyn-nyef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5000?format=json","vulnerability_id":"VCID-mn6y-c7ta-7khc","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20199","reference_id":"","reference_type":"","scores":[{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53051","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53112","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.5312","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53101","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00295","scoring_system":"epss","scoring_elements":"0.53076","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2660","reference_id":"AVG-2660","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2660"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93996?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20199"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mn6y-c7ta-7khc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6526?format=json","vulnerability_id":"VCID-mnmr-srtb-k3ef","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9222","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mnmr-srtb-k3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67109?format=json","vulnerability_id":"VCID-pknz-c1jn-qyh7","summary":"There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max <= G case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20194","reference_id":"","reference_type":"","scores":[{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46284","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46352","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46354","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46334","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46307","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00233","scoring_system":"epss","scoring_elements":"0.46317","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20194"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pknz-c1jn-qyh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6520?format=json","vulnerability_id":"VCID-qghc-r7vk-xubw","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9257","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9257"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9257"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qghc-r7vk-xubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67106?format=json","vulnerability_id":"VCID-qxfe-szzj-euhr","summary":"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19502","reference_id":"","reference_type":"","scores":[{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52261","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52321","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52328","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52308","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.52279","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00286","scoring_system":"epss","scoring_elements":"0.523","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641","reference_id":"914641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93993?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19502"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxfe-szzj-euhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67122?format=json","vulnerability_id":"VCID-savq-rv7w-cugh","summary":"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is negative, a buffer overflow is later performed via getdword_n(&ld->start[words], ld->bytes_left).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15296","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56936","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56924","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56909","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56927","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57318","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57371","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93993?format=json","purl":"pkg:deb/debian/faad2@2.8.8-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2019-15296"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-savq-rv7w-cugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6522?format=json","vulnerability_id":"VCID-td9v-cq1x-63ah","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9255","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9255"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-td9v-cq1x-63ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6521?format=json","vulnerability_id":"VCID-tjgw-2yjb-qbe3","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9256","reference_id":"","reference_type":"","scores":[{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49458","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49387","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49448","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49423","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49441","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00258","scoring_system":"epss","scoring_elements":"0.49411","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9256"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9256"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjgw-2yjb-qbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67107?format=json","vulnerability_id":"VCID-vap6-56zh-kbfg","summary":"An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19503","reference_id":"","reference_type":"","scores":[{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54049","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54105","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54113","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54103","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.5408","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00305","scoring_system":"epss","scoring_elements":"0.54102","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641","reference_id":"914641","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914641"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-19503"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vap6-56zh-kbfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7160?format=json","vulnerability_id":"VCID-vp6k-31qa-mkg8","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32276","reference_id":"","reference_type":"","scores":[{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29926","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29995","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29957","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29898","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00116","scoring_system":"epss","scoring_elements":"0.29911","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32276"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vp6k-31qa-mkg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67115?format=json","vulnerability_id":"VCID-x74x-n77j-fbad","summary":"A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20357","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40545","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40629","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40571","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19503"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19504"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20361"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15296"},{"reference_url":"https://security.gentoo.org/glsa/202006-17","reference_id":"GLSA-202006-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202006-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93994?format=json","purl":"pkg:deb/debian/faad2@2.8.8-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.8-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2018-20357"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x74x-n77j-fbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6530?format=json","vulnerability_id":"VCID-xb3d-cy35-q3hg","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9218","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9218"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9218","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9218"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9218"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xb3d-cy35-q3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67105?format=json","vulnerability_id":"VCID-xwkx-xz37-zqhd","summary":"Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad.  NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5244","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63315","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63291","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63309","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010","reference_id":"407010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010"},{"reference_url":"https://security.gentoo.org/glsa/201006-04","reference_id":"GLSA-201006-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-04"},{"reference_url":"https://usn.ubuntu.com/710-1/","reference_id":"USN-710-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/710-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93985?format=json","purl":"pkg:deb/debian/faad2@2.6.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.6.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2008-5244"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwkx-xz37-zqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7159?format=json","vulnerability_id":"VCID-yjty-sakh-pudz","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32277","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37324","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37415","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37364","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37388","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.3735","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32277"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjty-sakh-pudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7163?format=json","vulnerability_id":"VCID-z72b-43u3-3uba","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32272","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51206","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51139","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.512","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51174","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51185","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51155","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32278"},{"reference_url":"https://security.archlinux.org/AVG-2403","reference_id":"AVG-2403","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2403"},{"reference_url":"https://usn.ubuntu.com/6313-1/","reference_id":"USN-6313-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6313-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2021-32272"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z72b-43u3-3uba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6529?format=json","vulnerability_id":"VCID-zjcs-9cmp-d3dr","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47618","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47617","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47584","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47601","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47571","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93986?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93982?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93980?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/93983?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"aliases":["CVE-2017-9219"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcs-9cmp-d3dr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}