{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93371?format=json","vulnerability_id":"VCID-2qkx-5mua-qbfh","summary":"The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file.","aliases":[{"alias":"CVE-2017-9219"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372969?format=json","purl":"pkg:alpm/archlinux/faad2@2.8.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/faad2@2.8.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/582272?format=json","purl":"pkg:deb/debian/faad2@2.8.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1037925?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1~deb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1~deb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/582268?format=json","purl":"pkg:deb/debian/faad2@2.10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582269?format=json","purl":"pkg:deb/debian/faad2@2.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582270?format=json","purl":"pkg:deb/debian/faad2@2.11.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.11.2-1%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372968?format=json","purl":"pkg:alpm/archlinux/faad2@2.7-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/faad2@2.7-4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037036?format=json","purl":"pkg:deb/debian/faad2@2.6.1-3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-187z-v5ch-yqfu"},{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-34d7-q5p3-fua1"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-5mun-g1fm-73aq"},{"vulnerability":"VCID-6dn6-jvsq-pudm"},{"vulnerability":"VCID-867f-4yg1-bfdn"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-amm7-4bpv-qqbq"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-b97n-ccje-pfbt"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-d1b3-e4zt-43hb"},{"vulnerability":"VCID-ds21-j4p7-vuch"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-j1wx-21jw-8qcb"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-srqt-j35t-23gx"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"},{"vulnerability":"VCID-tjyx-zh49-pufn"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"},{"vulnerability":"VCID-vhp5-hmgq-ebgd"},{"vulnerability":"VCID-yyc2-dvcb-x7bp"},{"vulnerability":"VCID-z5mf-w8ny-rfcn"},{"vulnerability":"VCID-z9wm-y8q6-2fc5"},{"vulnerability":"VCID-za4y-a3ry-8ycw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.6.1-3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037037?format=json","purl":"pkg:deb/debian/faad2@2.7-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-187z-v5ch-yqfu"},{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-34d7-q5p3-fua1"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-5mun-g1fm-73aq"},{"vulnerability":"VCID-6dn6-jvsq-pudm"},{"vulnerability":"VCID-867f-4yg1-bfdn"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-amm7-4bpv-qqbq"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-b97n-ccje-pfbt"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-d1b3-e4zt-43hb"},{"vulnerability":"VCID-ds21-j4p7-vuch"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-j1wx-21jw-8qcb"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-srqt-j35t-23gx"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"},{"vulnerability":"VCID-tjyx-zh49-pufn"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"},{"vulnerability":"VCID-vhp5-hmgq-ebgd"},{"vulnerability":"VCID-yyc2-dvcb-x7bp"},{"vulnerability":"VCID-z5mf-w8ny-rfcn"},{"vulnerability":"VCID-z9wm-y8q6-2fc5"},{"vulnerability":"VCID-za4y-a3ry-8ycw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.7-6"},{"url":"http://public2.vulnerablecode.io/api/packages/1037038?format=json","purl":"pkg:deb/debian/faad2@2.7-8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-187z-v5ch-yqfu"},{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-34d7-q5p3-fua1"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-5mun-g1fm-73aq"},{"vulnerability":"VCID-6dn6-jvsq-pudm"},{"vulnerability":"VCID-867f-4yg1-bfdn"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-amm7-4bpv-qqbq"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-b97n-ccje-pfbt"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-d1b3-e4zt-43hb"},{"vulnerability":"VCID-ds21-j4p7-vuch"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-j1wx-21jw-8qcb"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-srqt-j35t-23gx"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"},{"vulnerability":"VCID-tjyx-zh49-pufn"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"},{"vulnerability":"VCID-vhp5-hmgq-ebgd"},{"vulnerability":"VCID-yyc2-dvcb-x7bp"},{"vulnerability":"VCID-z5mf-w8ny-rfcn"},{"vulnerability":"VCID-z9wm-y8q6-2fc5"},{"vulnerability":"VCID-za4y-a3ry-8ycw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.7-8"},{"url":"http://public2.vulnerablecode.io/api/packages/1037039?format=json","purl":"pkg:deb/debian/faad2@2.7-8%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-187z-v5ch-yqfu"},{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-34d7-q5p3-fua1"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-5mun-g1fm-73aq"},{"vulnerability":"VCID-6dn6-jvsq-pudm"},{"vulnerability":"VCID-867f-4yg1-bfdn"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-amm7-4bpv-qqbq"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-b97n-ccje-pfbt"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-d1b3-e4zt-43hb"},{"vulnerability":"VCID-ds21-j4p7-vuch"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-j1wx-21jw-8qcb"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-srqt-j35t-23gx"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"},{"vulnerability":"VCID-tjyx-zh49-pufn"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"},{"vulnerability":"VCID-vhp5-hmgq-ebgd"},{"vulnerability":"VCID-yyc2-dvcb-x7bp"},{"vulnerability":"VCID-z5mf-w8ny-rfcn"},{"vulnerability":"VCID-z9wm-y8q6-2fc5"},{"vulnerability":"VCID-za4y-a3ry-8ycw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.7-8%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037040?format=json","purl":"pkg:deb/debian/faad2@2.8.0~cvs20161113-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-137n-d6bn-pucd"},{"vulnerability":"VCID-187z-v5ch-yqfu"},{"vulnerability":"VCID-1jc2-bqz4-7qdy"},{"vulnerability":"VCID-2qkx-5mua-qbfh"},{"vulnerability":"VCID-34d7-q5p3-fua1"},{"vulnerability":"VCID-53bt-akgh-nkb8"},{"vulnerability":"VCID-5mun-g1fm-73aq"},{"vulnerability":"VCID-6dn6-jvsq-pudm"},{"vulnerability":"VCID-867f-4yg1-bfdn"},{"vulnerability":"VCID-8rem-57bh-tffv"},{"vulnerability":"VCID-a78p-kvvr-6yev"},{"vulnerability":"VCID-amm7-4bpv-qqbq"},{"vulnerability":"VCID-b2jx-kqkj-t7a3"},{"vulnerability":"VCID-b97n-ccje-pfbt"},{"vulnerability":"VCID-chcg-rgqj-53bz"},{"vulnerability":"VCID-d1b3-e4zt-43hb"},{"vulnerability":"VCID-ds21-j4p7-vuch"},{"vulnerability":"VCID-efzv-dpsf-4bdj"},{"vulnerability":"VCID-g81z-k4p8-kkfy"},{"vulnerability":"VCID-g8jn-gecn-3kbh"},{"vulnerability":"VCID-hdpz-xtwf-pucb"},{"vulnerability":"VCID-he5k-ga6q-tqch"},{"vulnerability":"VCID-j1wx-21jw-8qcb"},{"vulnerability":"VCID-rjqt-nghm-euab"},{"vulnerability":"VCID-srqt-j35t-23gx"},{"vulnerability":"VCID-susc-yxw7-nuhq"},{"vulnerability":"VCID-suvg-gvkm-guhk"},{"vulnerability":"VCID-tjyx-zh49-pufn"},{"vulnerability":"VCID-vbv2-cdkz-7qe8"},{"vulnerability":"VCID-vhp5-hmgq-ebgd"},{"vulnerability":"VCID-yyc2-dvcb-x7bp"},{"vulnerability":"VCID-z5mf-w8ny-rfcn"},{"vulnerability":"VCID-z9wm-y8q6-2fc5"},{"vulnerability":"VCID-za4y-a3ry-8ycw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/faad2@2.8.0~cvs20161113-1%252Bdeb9u2"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219","reference_id":"","reference_type":"","scores":[{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47309","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47325","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47382","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47386","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47383","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47389","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47448","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47378","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47387","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47334","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47252","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47316","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47335","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00241","scoring_system":"epss","scoring_elements":"0.47278","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9219"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724","reference_id":"867724","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867724"},{"reference_url":"https://security.archlinux.org/AVG-328","reference_id":"AVG-328","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-328"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qkx-5mua-qbfh"}