{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206249?format=json","vulnerability_id":"VCID-d85c-bz9k-vkdn","summary":"An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.","aliases":[{"alias":"CVE-2018-17095"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24689?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1080421?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-nq2j-2wry-myan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-5"},{"url":"http://public2.vulnerablecode.io/api/packages/24686?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-5%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-5%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/24690?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-7%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1073935?format=json","purl":"pkg:deb/debian/audiofile@0.1.5-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.1.5-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1073936?format=json","purl":"pkg:deb/debian/audiofile@0.1.9-0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.1.9-0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1073937?format=json","purl":"pkg:deb/debian/audiofile@0.2.3-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.2.3-4"},{"url":"http://public2.vulnerablecode.io/api/packages/1073938?format=json","purl":"pkg:deb/debian/audiofile@0.2.6-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.2.6-6"},{"url":"http://public2.vulnerablecode.io/api/packages/1073939?format=json","purl":"pkg:deb/debian/audiofile@0.2.6-6%2Betch1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.2.6-6%252Betch1"},{"url":"http://public2.vulnerablecode.io/api/packages/1073940?format=json","purl":"pkg:deb/debian/audiofile@0.2.6-7%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-u2b7-tgg4-u3gt"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.2.6-7%252Blenny1"},{"url":"http://public2.vulnerablecode.io/api/packages/1073941?format=json","purl":"pkg:deb/debian/audiofile@0.2.6-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.2.6-8"},{"url":"http://public2.vulnerablecode.io/api/packages/1073942?format=json","purl":"pkg:deb/debian/audiofile@0.3.4-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.4-2"},{"url":"http://public2.vulnerablecode.io/api/packages/1073943?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-2"},{"url":"http://public2.vulnerablecode.io/api/packages/1073944?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-2%2Bdeb8u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2md5-usy6-efc3"},{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-8xq7-25m9-vfc9"},{"vulnerability":"VCID-9fjs-cnsw-mbhe"},{"vulnerability":"VCID-crse-4yfc-gqeq"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-j74u-t4dm-tudh"},{"vulnerability":"VCID-mj5u-4zk8-kqf7"},{"vulnerability":"VCID-nnar-byb2-rug1"},{"vulnerability":"VCID-nq2j-2wry-myan"},{"vulnerability":"VCID-p7v9-t4ew-t7cx"},{"vulnerability":"VCID-qu5b-p9dr-rkah"},{"vulnerability":"VCID-rbfg-kd5c-rfcz"},{"vulnerability":"VCID-s93b-682p-xkgx"},{"vulnerability":"VCID-t8q9-2agx-7bfp"},{"vulnerability":"VCID-xdzd-f63a-e7ak"},{"vulnerability":"VCID-xza9-czke-9uh5"},{"vulnerability":"VCID-yzvm-bupg-2fdc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-2%252Bdeb8u2"},{"url":"http://public2.vulnerablecode.io/api/packages/1080144?format=json","purl":"pkg:deb/debian/audiofile@0.3.6-4%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-d85c-bz9k-vkdn"},{"vulnerability":"VCID-hfya-313d-mya7"},{"vulnerability":"VCID-nq2j-2wry-myan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/audiofile@0.3.6-4%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/348815?format=json","purl":"pkg:rpm/redhat/audiofile@1:0.3.6-9?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8c2z-8e7m-pke9"},{"vulnerability":"VCID-d85c-bz9k-vkdn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/audiofile@1:0.3.6-9%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17095.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17095.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17095","reference_id":"","reference_type":"","scores":[{"value":"0.14976","scoring_system":"epss","scoring_elements":"0.94717","published_at":"2026-06-11T12:55:00Z"},{"value":"0.14976","scoring_system":"epss","scoring_elements":"0.94735","published_at":"2026-06-12T12:55:00Z"},{"value":"0.14976","scoring_system":"epss","scoring_elements":"0.94742","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17095"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1631088","reference_id":"1631088","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1631088"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913166","reference_id":"913166","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3877","reference_id":"RHSA-2020:3877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3877"},{"reference_url":"https://usn.ubuntu.com/3800-1/","reference_id":"USN-3800-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3800-1/"},{"reference_url":"https://usn.ubuntu.com/6558-1/","reference_id":"USN-6558-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6558-1/"}],"weaknesses":[{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":"7.0 - 7.0","exploitability":"0.5","weighted_severity":"6.3","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d85c-bz9k-vkdn"}