Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/123773?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "poppler", "version": "0.10.6-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.12.2-1", "latest_non_vulnerable_version": "26.01.0-5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98394?format=api", "vulnerability_id": "VCID-5dpt-nn1s-kyec", "summary": "Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39915", "scoring_system": "epss", "scoring_elements": "0.97403", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.39915", "scoring_system": "epss", "scoring_elements": "0.97409", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495906", "reference_id": "495906", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495906" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1187" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dpt-nn1s-kyec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98385?format=api", "vulnerability_id": "VCID-68jb-2vd9-xyap", "summary": "The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0756.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0756.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0756", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14855", "scoring_system": "epss", "scoring_elements": "0.94646", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14855", "scoring_system": "epss", "scoring_elements": "0.94654", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0756" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0756" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488339", "reference_id": "488339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488339" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518478", "reference_id": "518478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518478" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0756" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-68jb-2vd9-xyap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98388?format=api", "vulnerability_id": "VCID-7pe4-yqs7-jydr", "summary": "Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1179.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27841", "scoring_system": "epss", "scoring_elements": "0.96549", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.27841", "scoring_system": "epss", "scoring_elements": "0.96552", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889", "reference_id": "495889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495889" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1179" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pe4-yqs7-jydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98395?format=api", "vulnerability_id": "VCID-97fh-jnxr-zyc8", "summary": "Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1188", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21975", "scoring_system": "epss", "scoring_elements": "0.95876", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.21975", "scoring_system": "epss", "scoring_elements": "0.9588", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1188" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495907", "reference_id": "495907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779", "reference_id": "575779", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1501", "reference_id": "RHSA-2009:1501", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1501" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1502", "reference_id": "RHSA-2009:1502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1503", "reference_id": "RHSA-2009:1503", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1503" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1512", "reference_id": "RHSA-2009:1512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1512" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1188" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97fh-jnxr-zyc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98391?format=api", "vulnerability_id": "VCID-d1gz-vca5-sfgs", "summary": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1181.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02433", "scoring_system": "epss", "scoring_elements": "0.85432", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02433", "scoring_system": "epss", "scoring_elements": "0.85455", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894", "reference_id": "495894", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495894" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1181" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1gz-vca5-sfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98383?format=api", "vulnerability_id": "VCID-dmc8-heea-kkg8", "summary": "The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0755.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24435", "scoring_system": "epss", "scoring_elements": "0.96213", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24435", "scoring_system": "epss", "scoring_elements": "0.96217", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0755" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=488337", "reference_id": "488337", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488337" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518478", "reference_id": "518478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518478" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32800.txt", "reference_id": "CVE-2009-0756;OSVDB-51914;CVE-2009-0755", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32800.txt" }, { "reference_url": "https://www.securityfocus.com/bid/33749/info", "reference_id": "CVE-2009-0756;OSVDB-51914;CVE-2009-0755", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/33749/info" }, { "reference_url": "https://usn.ubuntu.com/850-1/", "reference_id": "USN-850-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/850-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0755" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmc8-heea-kkg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98390?format=api", "vulnerability_id": "VCID-grqx-q3eu-xyg4", "summary": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1180.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08831", "scoring_system": "epss", "scoring_elements": "0.92681", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08831", "scoring_system": "epss", "scoring_elements": "0.92693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892", "reference_id": "495892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1180" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-grqx-q3eu-xyg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65539?format=api", "vulnerability_id": "VCID-neug-nxbs-xqcw", "summary": "Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0147.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85291", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02384", "scoring_system": "epss", "scoring_elements": "0.85314", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614", "reference_id": "490614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490614" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0147" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neug-nxbs-xqcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65538?format=api", "vulnerability_id": "VCID-nmcj-bzmn-uqcm", "summary": "Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0146.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0146.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.8288", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01745", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0146" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612", "reference_id": "490612", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490612" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0146" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmcj-bzmn-uqcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65542?format=api", "vulnerability_id": "VCID-qy8a-uthf-a7b6", "summary": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0166.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0519", "scoring_system": "epss", "scoring_elements": "0.90104", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625", "reference_id": "490625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/200904-20", "reference_id": "GLSA-200904-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-20" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0166" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qy8a-uthf-a7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98387?format=api", "vulnerability_id": "VCID-rpef-4zr8-aqfk", "summary": "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0800.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08985", "scoring_system": "epss", "scoring_elements": "0.92759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08985", "scoring_system": "epss", "scoring_elements": "0.92771", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887", "reference_id": "495887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0800" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpef-4zr8-aqfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98392?format=api", "vulnerability_id": "VCID-us8u-yvnn-t7bf", "summary": "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1182.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1182.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1182", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07101", "scoring_system": "epss", "scoring_elements": "0.9168", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07101", "scoring_system": "epss", "scoring_elements": "0.91692", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1182" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896", "reference_id": "495896", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1182" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us8u-yvnn-t7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98386?format=api", "vulnerability_id": "VCID-x3ng-2ehg-mbcg", "summary": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0799.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0799.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0799", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76943", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76975", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0799" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495886", "reference_id": "495886", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" }, { "reference_url": "https://usn.ubuntu.com/973-1/", "reference_id": "USN-973-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/973-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-0799" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x3ng-2ehg-mbcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98393?format=api", "vulnerability_id": "VCID-z4hy-jaay-y7av", "summary": "The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1183.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1183.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1183", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01703", "scoring_system": "epss", "scoring_elements": "0.82644", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01703", "scoring_system": "epss", "scoring_elements": "0.8267", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1183" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899", "reference_id": "495899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=495899" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806", "reference_id": "524806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809", "reference_id": "524809", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524809" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0429", "reference_id": "RHSA-2009:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0430", "reference_id": "RHSA-2009:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0431", "reference_id": "RHSA-2009:0431", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0431" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0458", "reference_id": "RHSA-2009:0458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0480", "reference_id": "RHSA-2009:0480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0480" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0399", "reference_id": "RHSA-2010:0399", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0400", "reference_id": "RHSA-2010:0400", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0400" }, { "reference_url": "https://usn.ubuntu.com/759-1/", "reference_id": "USN-759-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/759-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123773?format=api", "purl": "pkg:deb/debian/poppler@0.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1183" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4hy-jaay-y7av" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.10.6-1%3Fdistro=trixie" }