{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35236?format=json","vulnerability_id":"VCID-7uwy-g2fv-xfc7","summary":"An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.","aliases":[{"alias":"CVE-2018-14523"},{"alias":"PYSEC-2018-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10577?format=json","purl":"pkg:pypi/aubio@0.4.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-uavx-j693-b3bj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.7"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/10570?format=json","purl":"pkg:pypi/aubio@0.4.3a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3a1"},{"url":"http://public2.vulnerablecode.io/api/packages/10571?format=json","purl":"pkg:pypi/aubio@0.4.3a2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3a2"},{"url":"http://public2.vulnerablecode.io/api/packages/10572?format=json","purl":"pkg:pypi/aubio@0.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/10573?format=json","purl":"pkg:pypi/aubio@0.4.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.3.post1"},{"url":"http://public2.vulnerablecode.io/api/packages/10574?format=json","purl":"pkg:pypi/aubio@0.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.4"},{"url":"http://public2.vulnerablecode.io/api/packages/10575?format=json","purl":"pkg:pypi/aubio@0.4.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/10576?format=json","purl":"pkg:pypi/aubio@0.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vct-fzbc-27ep"},{"vulnerability":"VCID-3yb2-e9ke-auc4"},{"vulnerability":"VCID-4xqx-q5an-63df"},{"vulnerability":"VCID-7uwy-g2fv-xfc7"},{"vulnerability":"VCID-ecxp-5hv8-mbbd"},{"vulnerability":"VCID-eymz-cpuw-1kcb"},{"vulnerability":"VCID-t5xc-9bzf-5kas"},{"vulnerability":"VCID-uavx-j693-b3bj"},{"vulnerability":"VCID-zvqm-pym8-9ug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/aubio@0.4.6"}],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html"},{"reference_url":"https://github.com/aubio/aubio/issues/189","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/aubio/aubio/issues/189"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14523","reference_id":"CVE-2018-14523","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14523"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uwy-g2fv-xfc7"}