Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/media-libs/libextractor@2.10.0-r3

Type ebuild

Namespace media-libs

Name libextractor

Version 2.10.0-r3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.01-r5

Latest_non_vulnerable_version 3.01-r5

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3ebb-8uv9-k7cy

vulnerability_id VCID-3ebb-8uv9-k7cy

summary Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3627.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-3627

reference_id

reference_type

scores

value	0.04327
scoring_system	epss
scoring_elements	0.89095
published_at	2026-06-04T12:55:00Z

value	0.04327
scoring_system	epss
scoring_elements	0.89112
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617829
reference_id	1617829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076
reference_id	346076
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076

reference_url	https://security.gentoo.org/glsa/200601-02
reference_id	GLSA-200601-02
reference_type
scores
url	https://security.gentoo.org/glsa/200601-02

reference_url	https://security.gentoo.org/glsa/200601-17
reference_id	GLSA-200601-17
reference_type
scores
url	https://security.gentoo.org/glsa/200601-17

reference_url	https://access.redhat.com/errata/RHSA-2005:840
reference_id	RHSA-2005:840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:840

reference_url	https://access.redhat.com/errata/RHSA-2005:868
reference_id	RHSA-2005:868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:868

reference_url	https://access.redhat.com/errata/RHSA-2006:0160
reference_id	RHSA-2006:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0160

reference_url	https://access.redhat.com/errata/RHSA-2006:0163
reference_id	RHSA-2006:0163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0163

reference_url	https://access.redhat.com/errata/RHSA-2006:0177
reference_id	RHSA-2006:0177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0177

reference_url	https://usn.ubuntu.com/236-1/
reference_id	USN-236-1
reference_type
scores
url	https://usn.ubuntu.com/236-1/

reference_url	https://usn.ubuntu.com/236-2/
reference_id	USN-236-2
reference_type
scores
url	https://usn.ubuntu.com/236-2/

fixed_packages

url	pkg:ebuild/media-libs/libextractor@0.4.3-r4
purl	pkg:ebuild/media-libs/libextractor@0.4.3-r4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4

url	pkg:ebuild/media-libs/libextractor@0.5.9
purl	pkg:ebuild/media-libs/libextractor@0.5.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9

url	pkg:ebuild/media-libs/libextractor@2.10.0-r3
purl	pkg:ebuild/media-libs/libextractor@2.10.0-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3

url	pkg:ebuild/media-libs/libextractor@3.01-r5
purl	pkg:ebuild/media-libs/libextractor@3.01-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5

aliases CVE-2005-3627

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ebb-8uv9-k7cy

url VCID-mn31-8fw8-fbby

vulnerability_id VCID-mn31-8fw8-fbby

summary The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3624.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-3624

reference_id

reference_type

scores

value	0.07223
scoring_system	epss
scoring_elements	0.91759
published_at	2026-06-04T12:55:00Z

value	0.07223
scoring_system	epss
scoring_elements	0.91771
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-3624

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617826
reference_id	1617826
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617826

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076
reference_id	346076
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076

reference_url	https://security.gentoo.org/glsa/200601-02
reference_id	GLSA-200601-02
reference_type
scores
url	https://security.gentoo.org/glsa/200601-02

reference_url	https://security.gentoo.org/glsa/200601-17
reference_id	GLSA-200601-17
reference_type
scores
url	https://security.gentoo.org/glsa/200601-17

reference_url	https://access.redhat.com/errata/RHSA-2005:840
reference_id	RHSA-2005:840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:840

reference_url	https://access.redhat.com/errata/RHSA-2005:868
reference_id	RHSA-2005:868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:868

reference_url	https://access.redhat.com/errata/RHSA-2006:0160
reference_id	RHSA-2006:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0160

reference_url	https://access.redhat.com/errata/RHSA-2006:0163
reference_id	RHSA-2006:0163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0163

reference_url	https://access.redhat.com/errata/RHSA-2006:0177
reference_id	RHSA-2006:0177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0177

reference_url	https://usn.ubuntu.com/236-1/
reference_id	USN-236-1
reference_type
scores
url	https://usn.ubuntu.com/236-1/

reference_url	https://usn.ubuntu.com/236-2/
reference_id	USN-236-2
reference_type
scores
url	https://usn.ubuntu.com/236-2/

fixed_packages

url	pkg:ebuild/media-libs/libextractor@0.4.3-r4
purl	pkg:ebuild/media-libs/libextractor@0.4.3-r4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4

url	pkg:ebuild/media-libs/libextractor@0.5.9
purl	pkg:ebuild/media-libs/libextractor@0.5.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9

url	pkg:ebuild/media-libs/libextractor@2.10.0-r3
purl	pkg:ebuild/media-libs/libextractor@2.10.0-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3

url	pkg:ebuild/media-libs/libextractor@3.01-r5
purl	pkg:ebuild/media-libs/libextractor@3.01-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5

aliases CVE-2005-3624

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mn31-8fw8-fbby

url VCID-nw43-g144-hkff

vulnerability_id VCID-nw43-g144-hkff

summary Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3626.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-3626

reference_id

reference_type

scores

value	0.09167
scoring_system	epss
scoring_elements	0.9284
published_at	2026-06-04T12:55:00Z

value	0.09167
scoring_system	epss
scoring_elements	0.92852
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-3626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617828
reference_id	1617828
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617828

reference_url	https://security.gentoo.org/glsa/200601-02
reference_id	GLSA-200601-02
reference_type
scores
url	https://security.gentoo.org/glsa/200601-02

reference_url	https://security.gentoo.org/glsa/200601-17
reference_id	GLSA-200601-17
reference_type
scores
url	https://security.gentoo.org/glsa/200601-17

reference_url	https://access.redhat.com/errata/RHSA-2005:840
reference_id	RHSA-2005:840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:840

reference_url	https://access.redhat.com/errata/RHSA-2005:868
reference_id	RHSA-2005:868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:868

reference_url	https://access.redhat.com/errata/RHSA-2006:0160
reference_id	RHSA-2006:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0160

reference_url	https://access.redhat.com/errata/RHSA-2006:0163
reference_id	RHSA-2006:0163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0163

reference_url	https://access.redhat.com/errata/RHSA-2006:0177
reference_id	RHSA-2006:0177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0177

reference_url	https://usn.ubuntu.com/236-1/
reference_id	USN-236-1
reference_type
scores
url	https://usn.ubuntu.com/236-1/

reference_url	https://usn.ubuntu.com/236-2/
reference_id	USN-236-2
reference_type
scores
url	https://usn.ubuntu.com/236-2/

fixed_packages

url	pkg:ebuild/media-libs/libextractor@0.4.3-r4
purl	pkg:ebuild/media-libs/libextractor@0.4.3-r4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4

url	pkg:ebuild/media-libs/libextractor@0.5.9
purl	pkg:ebuild/media-libs/libextractor@0.5.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9

url	pkg:ebuild/media-libs/libextractor@2.10.0-r3
purl	pkg:ebuild/media-libs/libextractor@2.10.0-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3

url	pkg:ebuild/media-libs/libextractor@3.01-r5
purl	pkg:ebuild/media-libs/libextractor@3.01-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5

aliases CVE-2005-3626

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nw43-g144-hkff

url VCID-ucw2-n999-nyh6

vulnerability_id VCID-ucw2-n999-nyh6

summary Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3625.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-3625

reference_id

reference_type

scores

value	0.11286
scoring_system	epss
scoring_elements	0.93665
published_at	2026-06-04T12:55:00Z

value	0.11286
scoring_system	epss
scoring_elements	0.93675
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-3625

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617827
reference_id	1617827
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617827

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076
reference_id	346076
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346076

reference_url	https://security.gentoo.org/glsa/200601-02
reference_id	GLSA-200601-02
reference_type
scores
url	https://security.gentoo.org/glsa/200601-02

reference_url	https://security.gentoo.org/glsa/200601-17
reference_id	GLSA-200601-17
reference_type
scores
url	https://security.gentoo.org/glsa/200601-17

reference_url	https://access.redhat.com/errata/RHSA-2005:840
reference_id	RHSA-2005:840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:840

reference_url	https://access.redhat.com/errata/RHSA-2005:868
reference_id	RHSA-2005:868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:868

reference_url	https://access.redhat.com/errata/RHSA-2006:0160
reference_id	RHSA-2006:0160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0160

reference_url	https://access.redhat.com/errata/RHSA-2006:0163
reference_id	RHSA-2006:0163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0163

reference_url	https://access.redhat.com/errata/RHSA-2006:0177
reference_id	RHSA-2006:0177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0177

reference_url	https://usn.ubuntu.com/236-1/
reference_id	USN-236-1
reference_type
scores
url	https://usn.ubuntu.com/236-1/

reference_url	https://usn.ubuntu.com/236-2/
reference_id	USN-236-2
reference_type
scores
url	https://usn.ubuntu.com/236-2/

fixed_packages

url	pkg:ebuild/media-libs/libextractor@0.4.3-r4
purl	pkg:ebuild/media-libs/libextractor@0.4.3-r4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.4.3-r4

url	pkg:ebuild/media-libs/libextractor@0.5.9
purl	pkg:ebuild/media-libs/libextractor@0.5.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@0.5.9

url	pkg:ebuild/media-libs/libextractor@2.10.0-r3
purl	pkg:ebuild/media-libs/libextractor@2.10.0-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3

url	pkg:ebuild/media-libs/libextractor@3.01-r5
purl	pkg:ebuild/media-libs/libextractor@3.01-r5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@3.01-r5

aliases CVE-2005-3625

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucw2-n999-nyh6

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/media-libs/libextractor@2.10.0-r3

Package Instance