Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:alpm/archlinux/podofo@0.9.5-2

Type alpm

Namespace archlinux

Name podofo

Version 0.9.5-2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.9.6-1

Latest_non_vulnerable_version 0.9.6-1

Affected_by_vulnerabilities

url VCID-316u-w5wu-9feb

vulnerability_id VCID-316u-w5wu-9feb

summary In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5296

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.3869
published_at	2026-06-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38781
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-5296

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-316u-w5wu-9feb

url VCID-3ahq-4tz8-nkhv

vulnerability_id VCID-3ahq-4tz8-nkhv

summary The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6849

reference_id

reference_type

scores

value	0.0034
scoring_system	epss
scoring_elements	0.56986
published_at	2026-06-04T12:55:00Z

value	0.0034
scoring_system	epss
scoring_elements	0.57037
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6849

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6849
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6849

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861566
reference_id	861566
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861566

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6849

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ahq-4tz8-nkhv

url VCID-3gwq-ra2s-x3bg

vulnerability_id VCID-3gwq-ra2s-x3bg

summary multiple issues

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8000

reference_id

reference_type

scores

value	0.01994
scoring_system	epss
scoring_elements	0.83953
published_at	2026-06-04T12:55:00Z

value	0.01994
scoring_system	epss
scoring_elements	0.83976
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8000

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-8000

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwq-ra2s-x3bg

url VCID-63z7-jtyr-jug8

vulnerability_id VCID-63z7-jtyr-jug8

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7381

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43389
published_at	2026-06-04T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43461
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7381

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329
reference_id	859329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7381

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63z7-jtyr-jug8

url VCID-7nu8-c9xv-sbdq

vulnerability_id VCID-7nu8-c9xv-sbdq

summary Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5886

reference_id

reference_type

scores

value	0.00785
scoring_system	epss
scoring_elements	0.74132
published_at	2026-06-04T12:55:00Z

value	0.00785
scoring_system	epss
scoring_elements	0.74166
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5886

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5886
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5886

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854604
reference_id	854604
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854604

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

reference_url	https://usn.ubuntu.com/7217-1/
reference_id	USN-7217-1
reference_type
scores
url	https://usn.ubuntu.com/7217-1/

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-5886

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nu8-c9xv-sbdq

url VCID-9g2f-mkmf-a3a6

vulnerability_id VCID-9g2f-mkmf-a3a6

summary PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8053

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42072
published_at	2026-06-04T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42146
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8053

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8053
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8053

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860994
reference_id	860994
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860994

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-8053

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9g2f-mkmf-a3a6

url VCID-a5k2-czfx-3qa8

vulnerability_id VCID-a5k2-czfx-3qa8

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7378

reference_id

reference_type

scores

value	0.00432
scoring_system	epss
scoring_elements	0.62962
published_at	2026-06-04T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.63004
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330
reference_id	859330
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7378

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5k2-czfx-3qa8

url VCID-a97h-vdzy-e7cj

vulnerability_id VCID-a97h-vdzy-e7cj

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7379

reference_id

reference_type

scores

value	0.00432
scoring_system	epss
scoring_elements	0.63004
published_at	2026-06-05T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74622
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331
reference_id	859331
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7379

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a97h-vdzy-e7cj

url VCID-dx1p-226q-mkb8

vulnerability_id VCID-dx1p-226q-mkb8

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7380

reference_id

reference_type

scores

value	0.00432
scoring_system	epss
scoring_elements	0.62962
published_at	2026-06-04T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.63004
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329
reference_id	859329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7380

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1p-226q-mkb8

url VCID-esuc-bxyu-5yaf

vulnerability_id VCID-esuc-bxyu-5yaf

summary PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5308

reference_id

reference_type

scores

value	0.01007
scoring_system	epss
scoring_elements	0.77402
published_at	2026-06-04T12:55:00Z

value	0.01007
scoring_system	epss
scoring_elements	0.7743
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602
reference_id	854602
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

reference_url	https://usn.ubuntu.com/7217-1/
reference_id	USN-7217-1
reference_type
scores
url	https://usn.ubuntu.com/7217-1/

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-5308

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esuc-bxyu-5yaf

url VCID-fma7-b6ey-hfce

vulnerability_id VCID-fma7-b6ey-hfce

summary In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5295

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.3869
published_at	2026-06-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38781
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5295

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511
reference_id	889511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-5295

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fma7-b6ey-hfce

url VCID-g61j-n2gq-1bfw

vulnerability_id VCID-g61j-n2gq-1bfw

summary The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6845

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.56366
published_at	2026-06-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56422
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6845

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861562
reference_id	861562
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861562

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6845

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g61j-n2gq-1bfw

url VCID-gth2-na1d-1qdr

vulnerability_id VCID-gth2-na1d-1qdr

summary The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6846

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38768
published_at	2026-06-04T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.38857
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6846

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6846
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6846

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861563
reference_id	861563
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861563

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6846

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gth2-na1d-1qdr

url VCID-jut9-e84m-d3eq

vulnerability_id VCID-jut9-e84m-d3eq

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7383

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43389
published_at	2026-06-04T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43461
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7383

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329
reference_id	859329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7383

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jut9-e84m-d3eq

url VCID-jwu5-x8mg-67e4

vulnerability_id VCID-jwu5-x8mg-67e4

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6840

reference_id

reference_type

scores

value	0.0037
scoring_system	epss
scoring_elements	0.59175
published_at	2026-06-04T12:55:00Z

value	0.0037
scoring_system	epss
scoring_elements	0.59223
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6840

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861557
reference_id	861557
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861557

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6840

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwu5-x8mg-67e4

url VCID-md8c-ewv8-gyf9

vulnerability_id VCID-md8c-ewv8-gyf9

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7994

reference_id

reference_type

scores

value	0.00645
scoring_system	epss
scoring_elements	0.71069
published_at	2026-06-04T12:55:00Z

value	0.00645
scoring_system	epss
scoring_elements	0.71112
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7994

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930
reference_id	860930
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7994

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-md8c-ewv8-gyf9

url VCID-nx3g-8rny-2ffm

vulnerability_id VCID-nx3g-8rny-2ffm

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7382

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43389
published_at	2026-06-04T12:55:00Z

value	0.0021
scoring_system	epss
scoring_elements	0.43461
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7382

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329
reference_id	859329
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-7382

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nx3g-8rny-2ffm

url VCID-pkrw-gaqw-rfe3

vulnerability_id VCID-pkrw-gaqw-rfe3

summary In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5309

reference_id

reference_type

scores

value	0.00624
scoring_system	epss
scoring_elements	0.70548
published_at	2026-06-04T12:55:00Z

value	0.00624
scoring_system	epss
scoring_elements	0.70591
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5309

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-5309

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkrw-gaqw-rfe3

url VCID-pxxn-ee4k-gkfq

vulnerability_id VCID-pxxn-ee4k-gkfq

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6841

reference_id

reference_type

scores

value	0.00393
scoring_system	epss
scoring_elements	0.6055
published_at	2026-06-04T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60598
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6841

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6841
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6841

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861558
reference_id	861558
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861558

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6841

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pxxn-ee4k-gkfq

url VCID-rpjn-u2v9-5baa

vulnerability_id VCID-rpjn-u2v9-5baa

summary denial of service

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-6842

reference_id

reference_type

scores

value	0.00393
scoring_system	epss
scoring_elements	0.6055
published_at	2026-06-04T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60598
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-6842

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6842
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6842

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861559
reference_id	861559
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861559

reference_url

https://security.archlinux.org/AVG-216

reference_id

AVG-216

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-216

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2017-6842

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpjn-u2v9-5baa

url VCID-vy5k-b77u-97ge

vulnerability_id VCID-vy5k-b77u-97ge

summary In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8001

reference_id

reference_type

scores

value	0.00453
scoring_system	epss
scoring_elements	0.64088
published_at	2026-06-04T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.64133
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8001

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8001
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8001

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892556
reference_id	892556
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892556

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-8001

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy5k-b77u-97ge

url VCID-wm3b-jyn4-dfd5

vulnerability_id VCID-wm3b-jyn4-dfd5

summary In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6352

reference_id

reference_type

scores

value	0.00175
scoring_system	epss
scoring_elements	0.3869
published_at	2026-06-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38781
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6352

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.archlinux.org/AVG-1426

reference_id

AVG-1426

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1426

fixed_packages

url	pkg:alpm/archlinux/podofo@0.9.6-1
purl	pkg:alpm/archlinux/podofo@0.9.6-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.6-1

aliases CVE-2018-6352

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm3b-jyn4-dfd5

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/podofo@0.9.5-2

Package Instance