Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/187385?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/187385?format=api", "purl": "pkg:rpm/redhat/cups@1:1.1.22-0.rc1.9?arch=9", "type": "rpm", "namespace": "redhat", "name": "cups", "version": "1:1.1.22-0.rc1.9", "qualifiers": { "arch": "9" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65505?format=api", "vulnerability_id": "VCID-8s9k-3wqb-pkaw", "summary": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86929", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86926", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86922", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86912", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617798", "reference_id": "1617798", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617798" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://security.gentoo.org/glsa/200603-02", "reference_id": "GLSA-200603-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200603-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3193" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s9k-3wqb-pkaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65510?format=api", "vulnerability_id": "VCID-dedj-eeh3-u3gn", "summary": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3628.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86152", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86148", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.86136", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617830", "reference_id": "1617830", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617830" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3628" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dedj-eeh3-u3gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65503?format=api", "vulnerability_id": "VCID-f8ue-ced9-qqfn", "summary": "Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86907", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86929", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86926", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86922", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.03031", "scoring_system": "epss", "scoring_elements": "0.86912", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617796", "reference_id": "1617796", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617796" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3191" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ue-ced9-qqfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65504?format=api", "vulnerability_id": "VCID-x23f-11aw-nkf7", "summary": "Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3192.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3192.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.93992", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.94001", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.94", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.12279", "scoring_system": "epss", "scoring_elements": "0.94002", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3192" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617797", "reference_id": "1617797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617797" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281", "reference_id": "342281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342281" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288", "reference_id": "342288", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=342288" }, { "reference_url": "https://security.gentoo.org/glsa/200512-08", "reference_id": "GLSA-200512-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200512-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:867", "reference_id": "RHSA-2005:867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:878", "reference_id": "RHSA-2005:878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://usn.ubuntu.com/227-1/", "reference_id": "USN-227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/227-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2005-3192" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x23f-11aw-nkf7" } ], "fixing_vulnerabilities": [], "risk_score": "0.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cups@1:1.1.22-0.rc1.9%3Farch=9" }