Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/194097?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/194097?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.5.9", "type": "ebuild", "namespace": "media-libs", "name": "libextractor", "version": "0.5.9", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.5.14", "latest_non_vulnerable_version": "3.01-r5", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65509?format=api", "vulnerability_id": "VCID-3ebb-8uv9-k7cy", "summary": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04327", "scoring_system": "epss", "scoring_elements": "0.89112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3627" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617829", "reference_id": "1617829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617829" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194096?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.4.3-r4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4" }, { "url": "http://public2.vulnerablecode.io/api/packages/194097?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194098?format=api", "purl": "pkg:ebuild/media-libs/libextractor@2.10.0-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194099?format=api", "purl": "pkg:ebuild/media-libs/libextractor@3.01-r5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5" } ], "aliases": [ "CVE-2005-3627" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ebb-8uv9-k7cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65506?format=api", "vulnerability_id": "VCID-mn31-8fw8-fbby", "summary": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3624", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07223", "scoring_system": "epss", "scoring_elements": "0.91759", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07223", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3624" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617826", "reference_id": "1617826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617826" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194096?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.4.3-r4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4" }, { "url": "http://public2.vulnerablecode.io/api/packages/194097?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194098?format=api", "purl": "pkg:ebuild/media-libs/libextractor@2.10.0-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194099?format=api", "purl": "pkg:ebuild/media-libs/libextractor@3.01-r5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5" } ], "aliases": [ "CVE-2005-3624" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mn31-8fw8-fbby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65508?format=api", "vulnerability_id": "VCID-nw43-g144-hkff", "summary": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.9284", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09167", "scoring_system": "epss", "scoring_elements": "0.92852", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617828", "reference_id": "1617828", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617828" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194096?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.4.3-r4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4" }, { "url": "http://public2.vulnerablecode.io/api/packages/194097?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194098?format=api", "purl": "pkg:ebuild/media-libs/libextractor@2.10.0-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194099?format=api", "purl": "pkg:ebuild/media-libs/libextractor@3.01-r5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5" } ], "aliases": [ "CVE-2005-3626" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nw43-g144-hkff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65507?format=api", "vulnerability_id": "VCID-ucw2-n999-nyh6", "summary": "Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka \"Infinite CPU spins.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3625", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11286", "scoring_system": "epss", "scoring_elements": "0.93665", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11286", "scoring_system": "epss", "scoring_elements": "0.93675", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3625" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617827", "reference_id": "1617827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617827" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076", "reference_id": "346076", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076" }, { "reference_url": "https://security.gentoo.org/glsa/200601-02", "reference_id": "GLSA-200601-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-02" }, { "reference_url": "https://security.gentoo.org/glsa/200601-17", "reference_id": "GLSA-200601-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200601-17" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:840", "reference_id": "RHSA-2005:840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:868", "reference_id": "RHSA-2005:868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0160", "reference_id": "RHSA-2006:0160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0160" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0163", "reference_id": "RHSA-2006:0163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0177", "reference_id": "RHSA-2006:0177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0177" }, { "reference_url": "https://usn.ubuntu.com/236-1/", "reference_id": "USN-236-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-1/" }, { "reference_url": "https://usn.ubuntu.com/236-2/", "reference_id": "USN-236-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/236-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/194096?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.4.3-r4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4" }, { "url": "http://public2.vulnerablecode.io/api/packages/194097?format=api", "purl": "pkg:ebuild/media-libs/libextractor@0.5.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/194098?format=api", "purl": "pkg:ebuild/media-libs/libextractor@2.10.0-r3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3" }, { "url": "http://public2.vulnerablecode.io/api/packages/194099?format=api", "purl": "pkg:ebuild/media-libs/libextractor@3.01-r5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5" } ], "aliases": [ "CVE-2005-3625" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ucw2-n999-nyh6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9" }