Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/187367?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/187367?format=api", "purl": "pkg:rpm/redhat/xpdf@1:3.00-11?arch=10", "type": "rpm", "namespace": "redhat", "name": "xpdf", "version": "1:3.00-11", "qualifiers": { "arch": "10" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65509?format=api", "vulnerability_id": "VCID-3ebb-8uv9-k7cy", "summary": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617829", "reference_id": "1617829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617829" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3627" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ebb-8uv9-k7cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65505?format=api", "vulnerability_id": "VCID-8s9k-3wqb-pkaw", "summary": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617798", "reference_id": "1617798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617798" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://security.gentoo.org/glsa/200603-02", "reference_id": "GLSA-200603-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200603-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3193" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s9k-3wqb-pkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65510?format=api", "vulnerability_id": "VCID-dedj-eeh3-u3gn", "summary": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3628.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86149", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617830", "reference_id": "1617830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617830" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3628" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dedj-eeh3-u3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65503?format=api", "vulnerability_id": "VCID-f8ue-ced9-qqfn", "summary": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617796", "reference_id": "1617796", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617796" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3191" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ue-ced9-qqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65506?format=api", "vulnerability_id": "VCID-mn31-8fw8-fbby", "summary": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07223", "scoring_system": "epss", "scoring_elements": "0.91759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07223", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617826", "reference_id": "1617826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617826" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3624" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn31-8fw8-fbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65508?format=api", "vulnerability_id": "VCID-nw43-g144-hkff", "summary": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.9284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92852", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617828", "reference_id": "1617828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617828" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3626" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw43-g144-hkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65507?format=api", "vulnerability_id": "VCID-ucw2-n999-nyh6", "summary": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11286", "scoring_system": "epss", "scoring_elements": "0.93665", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11286", "scoring_system": "epss", "scoring_elements": "0.93675", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617827", "reference_id": "1617827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617827" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3625" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucw2-n999-nyh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65504?format=api", "vulnerability_id": "VCID-x23f-11aw-nkf7", "summary": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.93992", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.94001", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617797", "reference_id": "1617797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617797" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3192" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x23f-11aw-nkf7" } ], "fixing_vulnerabilities": [], "risk_score": "0.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xpdf@1:3.00-11%3Farch=10" }