Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/123787?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "poppler", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.4.0-1", "latest_non_vulnerable_version": "26.01.0-5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98423?format=api", "vulnerability_id": "VCID-1s3m-1556-bqgs", "summary": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1789.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02846", "scoring_system": "epss", "scoring_elements": "0.8649", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02846", "scoring_system": "epss", "scoring_elements": "0.86513", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1789" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109", "reference_id": "917109", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" }, { "reference_url": "https://usn.ubuntu.com/1785-1/", "reference_id": "USN-1785-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1785-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1789" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1s3m-1556-bqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98492?format=api", "vulnerability_id": "VCID-52np-cjg3-v3b2", "summary": "xpdfreader 4.03 is vulnerable to Buffer Overflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67349", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.6739", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40226" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185", "reference_id": "viewtopic.php?f=3&t=42185", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-01T17:56:37Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-40226" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-52np-cjg3-v3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98416?format=api", "vulnerability_id": "VCID-81u8-t1f3-yqak", "summary": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1552.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22374", "scoring_system": "epss", "scoring_elements": "0.95931", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22374", "scoring_system": "epss", "scoring_elements": "0.95935", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1552" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=692853", "reference_id": "692853", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692853" }, { "reference_url": "https://security.gentoo.org/glsa/201701-57", "reference_id": "GLSA-201701-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0062", "reference_id": "RHSA-2012:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0137", "reference_id": "RHSA-2012:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1201", "reference_id": "RHSA-2012:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1201" }, { "reference_url": "https://usn.ubuntu.com/1335-1/", "reference_id": "USN-1335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1552" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81u8-t1f3-yqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98415?format=api", "vulnerability_id": "VCID-bdf9-n87u-33d6", "summary": "t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31187", "scoring_system": "epss", "scoring_elements": "0.96854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31187", "scoring_system": "epss", "scoring_elements": "0.96858", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=692909", "reference_id": "692909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692909" }, { "reference_url": "https://security.gentoo.org/glsa/201701-57", "reference_id": "GLSA-201701-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0062", "reference_id": "RHSA-2012:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0137", "reference_id": "RHSA-2012:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1201", "reference_id": "RHSA-2012:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1201" }, { "reference_url": "https://usn.ubuntu.com/1316-1/", "reference_id": "USN-1316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0764" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdf9-n87u-33d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95148?format=api", "vulnerability_id": "VCID-eybr-j113-nbdp", "summary": "poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38982", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34872" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042811", "reference_id": "1042811", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1042811" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399", "reference_id": "1399", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227884", "reference_id": "2227884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227884" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/", "reference_id": "3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe", "reference_id": "591235c8b6c65a2eee88991b9ae73490fd9afdfe", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/", "reference_id": "JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/", "reference_id": "SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/" }, { "reference_url": "https://usn.ubuntu.com/6273-1/", "reference_id": "USN-6273-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6273-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/", "reference_id": "W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-09T13:46:31Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123838?format=api", "purl": "pkg:deb/debian/poppler@24.02.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@24.02.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-34872" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eybr-j113-nbdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98428?format=api", "vulnerability_id": "VCID-fpbm-hpm1-huez", "summary": "The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7296.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7296.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02482", "scoring_system": "epss", "scoring_elements": "0.8557", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02482", "scoring_system": "epss", "scoring_elements": "0.85592", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7296" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199", "reference_id": "1048199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1048199" }, { "reference_url": "https://security.gentoo.org/glsa/201401-21", "reference_id": "GLSA-201401-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-21" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7296" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fpbm-hpm1-huez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98417?format=api", "vulnerability_id": "VCID-kbm2-5z85-mueq", "summary": "Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1553.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04953", "scoring_system": "epss", "scoring_elements": "0.89832", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04953", "scoring_system": "epss", "scoring_elements": "0.89848", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1553" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=692854", "reference_id": "692854", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692854" }, { "reference_url": "https://security.gentoo.org/glsa/201701-57", "reference_id": "GLSA-201701-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0062", "reference_id": "RHSA-2012:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0137", "reference_id": "RHSA-2012:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1201", "reference_id": "RHSA-2012:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1201" }, { "reference_url": "https://usn.ubuntu.com/1335-1/", "reference_id": "USN-1335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1553" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbm2-5z85-mueq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5770?format=api", "vulnerability_id": "VCID-qged-q2fy-tfgj", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35702.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35702.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35702", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.6344", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35702" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912912", "reference_id": "1912912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912912" }, { "reference_url": "https://security.archlinux.org/ASA-202101-3", "reference_id": "ASA-202101-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-3" }, { "reference_url": "https://security.archlinux.org/AVG-1382", "reference_id": "AVG-1382", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1382" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35702" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qged-q2fy-tfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98419?format=api", "vulnerability_id": "VCID-srx1-bw8h-r3bq", "summary": "Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1554.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06576", "scoring_system": "epss", "scoring_elements": "0.9132", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06576", "scoring_system": "epss", "scoring_elements": "0.91333", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1554" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=692856", "reference_id": "692856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692856" }, { "reference_url": "https://security.gentoo.org/glsa/201701-57", "reference_id": "GLSA-201701-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-57" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0062", "reference_id": "RHSA-2012:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:0137", "reference_id": "RHSA-2012:0137", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:0137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1201", "reference_id": "RHSA-2012:1201", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1201" }, { "reference_url": "https://usn.ubuntu.com/1335-1/", "reference_id": "USN-1335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/123787?format=api", "purl": "pkg:deb/debian/poppler@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123753?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123751?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123756?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123754?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-e3pp-vnez-rude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/123755?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076593?format=api", "purl": "pkg:deb/debian/poppler@26.01.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-5%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1554" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-srx1-bw8h-r3bq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0%3Fdistro=trixie" }