{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35154?format=json","vulnerability_id":"VCID-4xqx-q5an-63df","summary":"The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.","aliases":[{"alias":"CVE-2017-17555"},{"alias":"PYSEC-2017-77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10570?format=json","purl":"pkg:pypi/aubio@0.4.3a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3a1"},{"url":"http://public2.vulnerablecode.io/api/packages/10571?format=json","purl":"pkg:pypi/aubio@0.4.3a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3a2"},{"url":"http://public2.vulnerablecode.io/api/packages/10572?format=json","purl":"pkg:pypi/aubio@0.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/10573?format=json","purl":"pkg:pypi/aubio@0.4.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/10574?format=json","purl":"pkg:pypi/aubio@0.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/10575?format=json","purl":"pkg:pypi/aubio@0.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/10576?format=json","purl":"pkg:pypi/aubio@0.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.6"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html"},{"reference_url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17555","reference_id":"CVE-2017-17555","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17555"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":476,"name":"NULL Pointer Dereference","description":"A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqx-q5an-63df"}