Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4535?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4535?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u1~bpo70%2B1", "type": "deb", "namespace": "debian", "name": "poppler", "version": "0.26.5-2+deb8u1~bpo70+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.01.0-4", "latest_non_vulnerable_version": "26.01.0-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98468?format=api", "vulnerability_id": "VCID-161f-sfg7-8bhf", "summary": "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20662.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69574", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665273", "reference_id": "1665273", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665273" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918158", "reference_id": "918158", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-20662" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-161f-sfg7-8bhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98433?format=api", "vulnerability_id": "VCID-1dky-1wb2-huaa", "summary": "In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14519.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14519.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499165", "reference_id": "1499165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499165" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876086", "reference_id": "876086", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876086" }, { "reference_url": "https://usn.ubuntu.com/3433-1/", "reference_id": "USN-3433-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3433-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14519" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dky-1wb2-huaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98483?format=api", "vulnerability_id": "VCID-1vfp-wqj8-pqh3", "summary": "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9200.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9200.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9200", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03439", "scoring_system": "epss", "scoring_elements": "0.87706", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03439", "scoring_system": "epss", "scoring_elements": "0.87727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683632", "reference_id": "1683632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1683632" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923414", "reference_id": "923414", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3905-1/", "reference_id": "USN-3905-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3905-1/" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-9200" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfp-wqj8-pqh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98437?format=api", "vulnerability_id": "VCID-2dsa-qkvf-h3fw", "summary": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14926.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38397", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14926" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500323", "reference_id": "1500323", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500323" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877239", "reference_id": "877239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877239" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14926" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dsa-qkvf-h3fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83762?format=api", "vulnerability_id": "VCID-2xrd-q3wc-kfhj", "summary": "poppler: Out-of-Bounds Read in Poppler", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20487", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102191", "reference_id": "1102191", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102191" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577", "reference_id": "1577", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792", "reference_id": "1792", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357656", "reference_id": "2357656", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357656" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0126", "reference_id": "RHSA-2026:0126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0128", "reference_id": "RHSA-2026:0128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0130", "reference_id": "RHSA-2026:0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0772", "reference_id": "RHSA-2026:0772", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0772" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0773", "reference_id": "RHSA-2026:0773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0774", "reference_id": "RHSA-2026:0774", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0774" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0795", "reference_id": "RHSA-2026:0795", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0796", "reference_id": "RHSA-2026:0796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0797", "reference_id": "RHSA-2026:0797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0799", "reference_id": "RHSA-2026:0799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1090", "reference_id": "RHSA-2026:1090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1091", "reference_id": "RHSA-2026:1091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1091" }, { "reference_url": "https://usn.ubuntu.com/7426-1/", "reference_id": "USN-7426-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7426-1/" }, { "reference_url": "https://usn.ubuntu.com/7426-2/", "reference_id": "USN-7426-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7426-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2025-32365" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xrd-q3wc-kfhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98445?format=api", "vulnerability_id": "VCID-4hjh-cqg4-wqdk", "summary": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51128", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578777", "reference_id": "1578777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578777" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357", "reference_id": "898357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://usn.ubuntu.com/3647-1/", "reference_id": "USN-3647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-18267" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98449?format=api", "vulnerability_id": "VCID-4msq-ukzj-d7ds", "summary": "poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44339", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00218", "scoring_system": "epss", "scoring_elements": "0.44408", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7511" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456827", "reference_id": "1456827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1456827" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863759", "reference_id": "863759", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863759" }, { "reference_url": "https://security.gentoo.org/glsa/201801-17", "reference_id": "GLSA-201801-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-17" }, { "reference_url": "https://usn.ubuntu.com/3350-1/", "reference_id": "USN-3350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3350-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-7511" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4msq-ukzj-d7ds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98441?format=api", "vulnerability_id": "VCID-4mt9-s54t-uub2", "summary": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14975.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14975.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01097", "scoring_system": "epss", "scoring_elements": "0.78346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01097", "scoring_system": "epss", "scoring_elements": "0.78372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500343", "reference_id": "1500343", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500343" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877957", "reference_id": "877957", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877957" }, { "reference_url": "https://security.gentoo.org/glsa/201804-03", "reference_id": "GLSA-201804-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-03" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14975" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mt9-s54t-uub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98458?format=api", "vulnerability_id": "VCID-4wbd-xbks-b3c7", "summary": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35283", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35379", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646546", "reference_id": "1646546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164", "reference_id": "913164", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2018-18897" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wbd-xbks-b3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98439?format=api", "vulnerability_id": "VCID-5py6-nrs3-13f5", "summary": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14928.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14928.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38397", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38485", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500322", "reference_id": "1500322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500322" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877231", "reference_id": "877231", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877231" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14928" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5py6-nrs3-13f5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94709?format=api", "vulnerability_id": "VCID-61wf-ahyh-dkb7", "summary": "poppler: Reachable assertion in Object.h", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05655", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05675", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282", "reference_id": "1282", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251630", "reference_id": "2251630", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251630" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28", "reference_id": "4564a002bcb6094cc460bc0d5ddff9423fe6dd28", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28" }, { "reference_url": "https://usn.ubuntu.com/6508-1/", "reference_id": "USN-6508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6508-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2022-38349" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-61wf-ahyh-dkb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98465?format=api", "vulnerability_id": "VCID-62zk-x2n8-wudz", "summary": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20551.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20551.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54362", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00309", "scoring_system": "epss", "scoring_elements": "0.54418", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20551" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20551" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665259", "reference_id": "1665259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917525", "reference_id": "917525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3886-1/", "reference_id": "USN-3886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3886-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-20551" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62zk-x2n8-wudz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98442?format=api", "vulnerability_id": "VCID-6x2t-evww-sbdv", "summary": "The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14976.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.78307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01093", "scoring_system": "epss", "scoring_elements": "0.78333", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500345", "reference_id": "1500345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500345" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877954", "reference_id": "877954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877954" }, { "reference_url": "https://security.gentoo.org/glsa/201804-03", "reference_id": "GLSA-201804-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-03" }, { "reference_url": "https://usn.ubuntu.com/3517-1/", "reference_id": "USN-3517-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3517-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14976" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6x2t-evww-sbdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3507?format=api", "vulnerability_id": "VCID-75bw-nnk3-5ka5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26267", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26371", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38784" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018971", "reference_id": "1018971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124527", "reference_id": "2124527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124527" }, { "reference_url": "https://security.archlinux.org/AVG-2812", "reference_id": "AVG-2812", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2812" }, { "reference_url": "https://security.gentoo.org/glsa/202209-21", "reference_id": "GLSA-202209-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2259", "reference_id": "RHSA-2023:2259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2810", "reference_id": "RHSA-2023:2810", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2810" }, { "reference_url": "https://usn.ubuntu.com/5606-1/", "reference_id": "USN-5606-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5606-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-38784" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75bw-nnk3-5ka5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98471?format=api", "vulnerability_id": "VCID-7bkp-b1ww-7qct", "summary": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70634", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70676", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696636", "reference_id": "1696636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696636" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529", "reference_id": "926529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-10871" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bkp-b1ww-7qct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86559?format=api", "vulnerability_id": "VCID-7fge-bavn-4kb2", "summary": "Poppler: out-of-bounds read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00305", "scoring_system": "epss", "scoring_elements": "0.54074", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091322", "reference_id": "1091322", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091322" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553", "reference_id": "1553", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333794", "reference_id": "2333794", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333794" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e", "reference_id": "ade9b5ebed44b0c15522c27669ef6cdf93eff84e", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621", "reference_id": "CMakeLists.txt#L621", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621" }, { "reference_url": "https://usn.ubuntu.com/7213-1/", "reference_id": "USN-7213-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7213-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2024-56378" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fge-bavn-4kb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98474?format=api", "vulnerability_id": "VCID-7fqy-zt39-2ka2", "summary": "FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66994", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699862", "reference_id": "1699862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699862" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721", "reference_id": "926721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-11026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fqy-zt39-2ka2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98435?format=api", "vulnerability_id": "VCID-7nuu-hq66-67es", "summary": "In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14520.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45036", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00223", "scoring_system": "epss", "scoring_elements": "0.45105", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494582", "reference_id": "1494582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494582" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876081", "reference_id": "876081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876081" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14520" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7nuu-hq66-67es" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98450?format=api", "vulnerability_id": "VCID-7thh-twxp-j3fh", "summary": "poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44116", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00216", "scoring_system": "epss", "scoring_elements": "0.44184", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7515" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459066", "reference_id": "1459066", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459066" }, { "reference_url": "https://usn.ubuntu.com/3350-1/", "reference_id": "USN-3350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3350-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-7515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7thh-twxp-j3fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98455?format=api", "vulnerability_id": "VCID-7ukn-38hy-dffs", "summary": "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83389", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576169", "reference_id": "1576169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://usn.ubuntu.com/3647-1/", "reference_id": "USN-3647-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3647-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" } ], "aliases": [ "CVE-2018-10768" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ukn-38hy-dffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98473?format=api", "vulnerability_id": "VCID-81rk-djd7-wkau", "summary": "An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00788", "scoring_system": "epss", "scoring_elements": "0.74213", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00788", "scoring_system": "epss", "scoring_elements": "0.74246", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10873" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696637", "reference_id": "1696637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696637" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926532", "reference_id": "926532", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926532" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-10873" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-81rk-djd7-wkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98472?format=api", "vulnerability_id": "VCID-9gtz-2mce-kuf6", "summary": "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76534", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00935", "scoring_system": "epss", "scoring_elements": "0.76563", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696638", "reference_id": "1696638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696638" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926530", "reference_id": "926530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926530" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-10872" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9gtz-2mce-kuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98466?format=api", "vulnerability_id": "VCID-a3vs-h3s5-zbdw", "summary": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58066", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.58117", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20650" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665263", "reference_id": "1665263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665263" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974", "reference_id": "917974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3865-1/", "reference_id": "USN-3865-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3865-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2018-20650" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3vs-h3s5-zbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98486?format=api", "vulnerability_id": "VCID-afbw-asht-7bbq", "summary": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9631.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02178", "scoring_system": "epss", "scoring_elements": "0.84654", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02178", "scoring_system": "epss", "scoring_elements": "0.84678", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686802", "reference_id": "1686802", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1686802" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926673", "reference_id": "926673", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-9631" ], "risk_score": 2.3, "exploitability": "0.5", "weighted_severity": "4.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-afbw-asht-7bbq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98431?format=api", "vulnerability_id": "VCID-aqh3-9esc-jqg7", "summary": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.45967", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00231", "scoring_system": "epss", "scoring_elements": "0.46036", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499162", "reference_id": "1499162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876079", "reference_id": "876079", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876079" }, { "reference_url": "https://usn.ubuntu.com/3433-1/", "reference_id": "USN-3433-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3433-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14517" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqh3-9esc-jqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98475?format=api", "vulnerability_id": "VCID-arjj-gn1s-yue1", "summary": "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00948", "scoring_system": "epss", "scoring_elements": "0.76699", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00948", "scoring_system": "epss", "scoring_elements": "0.76728", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713582", "reference_id": "1713582", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713582" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929423", "reference_id": "929423", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-12293" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arjj-gn1s-yue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6532?format=api", "vulnerability_id": "VCID-ax7h-qsmd-hyc9", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9775.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9775.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73382", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466442", "reference_id": "1466442", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466442" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865680", "reference_id": "865680", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865680" }, { "reference_url": "https://security.archlinux.org/ASA-201706-33", "reference_id": "ASA-201706-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-33" }, { "reference_url": "https://security.archlinux.org/AVG-326", "reference_id": "AVG-326", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2551", "reference_id": "RHSA-2017:2551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2551" }, { "reference_url": "https://usn.ubuntu.com/3350-1/", "reference_id": "USN-3350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3350-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-9775" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7h-qsmd-hyc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98453?format=api", "vulnerability_id": "VCID-btq8-dzuk-4yfk", "summary": "In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77869", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458702", "reference_id": "1458702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864009", "reference_id": "864009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864009" }, { "reference_url": "https://security.gentoo.org/glsa/201801-17", "reference_id": "GLSA-201801-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-17" }, { "reference_url": "https://usn.ubuntu.com/3350-1/", "reference_id": "USN-3350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3350-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-9408" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btq8-dzuk-4yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98443?format=api", "vulnerability_id": "VCID-bytg-r7hs-gyeg", "summary": "The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01097", "scoring_system": "epss", "scoring_elements": "0.78346", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01097", "scoring_system": "epss", "scoring_elements": "0.78372", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500344", "reference_id": "1500344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877952", "reference_id": "877952", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877952" }, { "reference_url": "https://security.gentoo.org/glsa/201804-03", "reference_id": "GLSA-201804-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-03" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14977" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bytg-r7hs-gyeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6531?format=api", "vulnerability_id": "VCID-c2n4-uugz-wfac", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79646", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01248", "scoring_system": "epss", "scoring_elements": "0.79672", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466443", "reference_id": "1466443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865679", "reference_id": "865679", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865679" }, { "reference_url": "https://security.archlinux.org/ASA-201706-33", "reference_id": "ASA-201706-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-33" }, { "reference_url": "https://security.archlinux.org/AVG-326", "reference_id": "AVG-326", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2550", "reference_id": "RHSA-2017:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2551", "reference_id": "RHSA-2017:2551", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2551" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-9776" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2n4-uugz-wfac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98438?format=api", "vulnerability_id": "VCID-dwg9-w58z-ufh4", "summary": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35969", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500324", "reference_id": "1500324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1500324" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877237", "reference_id": "877237", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14927" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwg9-w58z-ufh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98477?format=api", "vulnerability_id": "VCID-e144-8aet-7kbn", "summary": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52032", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52093", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12493" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" } ], "aliases": [ "CVE-2019-12493" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e144-8aet-7kbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98491?format=api", "vulnerability_id": "VCID-ezcv-cbva-kkbe", "summary": "A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01116", "scoring_system": "epss", "scoring_elements": "0.78564", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712", "reference_id": "1900712", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1881", "reference_id": "RHSA-2021:1881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1881" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2020-27778" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcv-cbva-kkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98456?format=api", "vulnerability_id": "VCID-fmqa-fers-5ydf", "summary": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13988", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00696", "scoring_system": "epss", "scoring_elements": "0.72309", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00696", "scoring_system": "epss", "scoring_elements": "0.72351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-13988" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838", "reference_id": "1602838", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602838" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922", "reference_id": "904922", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3140", "reference_id": "RHSA-2018:3140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3140" }, { "reference_url": "https://usn.ubuntu.com/3757-1/", "reference_id": "USN-3757-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3757-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-13988" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98459?format=api", "vulnerability_id": "VCID-fnfu-a29f-ryeg", "summary": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51255", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51317", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649435", "reference_id": "1649435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649435" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177", "reference_id": "913177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2018-19058" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnfu-a29f-ryeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98463?format=api", "vulnerability_id": "VCID-gg77-12mg-k7d2", "summary": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19149.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49704", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49767", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649457", "reference_id": "1649457", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649457" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914600", "reference_id": "914600", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914600" }, { "reference_url": "https://security.gentoo.org/glsa/201904-04", "reference_id": "GLSA-201904-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-04" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" }, { "reference_url": "https://usn.ubuntu.com/3837-2/", "reference_id": "USN-3837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-19149" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg77-12mg-k7d2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94791?format=api", "vulnerability_id": "VCID-h257-3sze-qqbu", "summary": "poppler: NULL pointer dereference in `FoFiType1C::convertToType1`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26305", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26409", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016", "reference_id": "1016", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231520", "reference_id": "2231520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231520" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2979", "reference_id": "RHSA-2024:2979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2979" }, { "reference_url": "https://usn.ubuntu.com/6299-1/", "reference_id": "USN-6299-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6299-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2020-36024" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h257-3sze-qqbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98489?format=api", "vulnerability_id": "VCID-hs9d-5q1m-97gk", "summary": "Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39711", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234524", "reference_id": "2234524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234524" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742", "reference_id": "742", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:29:54Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2020-18839" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs9d-5q1m-97gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98488?format=api", "vulnerability_id": "VCID-jvqj-5f2g-u7d7", "summary": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81133", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.8116", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732340", "reference_id": "1732340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732340" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776", "reference_id": "941776", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-9959" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvqj-5f2g-u7d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98457?format=api", "vulnerability_id": "VCID-mzzq-s6gj-k3hw", "summary": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16646.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16646", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02049", "scoring_system": "epss", "scoring_elements": "0.84185", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02049", "scoring_system": "epss", "scoring_elements": "0.84208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16646" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626618", "reference_id": "1626618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626618" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909802", "reference_id": "909802", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" }, { "reference_url": "https://usn.ubuntu.com/3837-2/", "reference_id": "USN-3837-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-16646" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzzq-s6gj-k3hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83764?format=api", "vulnerability_id": "VCID-n1dm-zhps-eqes", "summary": "poppler: Floating-Point Exception in Poppler", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21842", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190", "reference_id": "1102190", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574", "reference_id": "1574", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357657", "reference_id": "2357657", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357657" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3", "reference_id": "d87bc726c7cc98f8c26b60ece5f20236e9de1bc3", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3" }, { "reference_url": "https://usn.ubuntu.com/7426-1/", "reference_id": "USN-7426-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7426-1/" }, { "reference_url": "https://usn.ubuntu.com/7426-2/", "reference_id": "USN-7426-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7426-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2025-32364" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n1dm-zhps-eqes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94790?format=api", "vulnerability_id": "VCID-ndst-6nx1-1qcp", "summary": "poppler: Stack-Overflow in `FoFiType1C::cvtGlyph`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21149", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21231", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013", "reference_id": "1013", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231510", "reference_id": "2231510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2231510" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html", "reference_id": "msg00017.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html" }, { "reference_url": "https://usn.ubuntu.com/6299-1/", "reference_id": "USN-6299-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6299-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2020-36023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndst-6nx1-1qcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98470?format=api", "vulnerability_id": "VCID-nmgp-gqkw-xkd1", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47667", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47731", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926133", "reference_id": "926133", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926133" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-10018" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmgp-gqkw-xkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98497?format=api", "vulnerability_id": "VCID-nzk9-p4dt-wfg6", "summary": "An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13983", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37051" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234528", "reference_id": "2234528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234528" }, { "reference_url": "https://usn.ubuntu.com/6508-1/", "reference_id": "USN-6508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6508-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2022-37051" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzk9-p4dt-wfg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98440?format=api", "vulnerability_id": "VCID-p76p-4a8h-cffj", "summary": "In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499167", "reference_id": "1499167", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499167" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877222", "reference_id": "877222", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877222" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14929" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p76p-4a8h-cffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98432?format=api", "vulnerability_id": "VCID-p82j-3rgh-tqgf", "summary": "In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50797", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50857", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499163", "reference_id": "1499163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499163" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876082", "reference_id": "876082", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876082" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14518" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p82j-3rgh-tqgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98454?format=api", "vulnerability_id": "VCID-q9zx-mkrf-k3bh", "summary": "The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9865.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9865.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0076", "scoring_system": "epss", "scoring_elements": "0.73707", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0076", "scoring_system": "epss", "scoring_elements": "0.73744", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466435", "reference_id": "1466435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466435" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867477", "reference_id": "867477", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867477" }, { "reference_url": "https://security.gentoo.org/glsa/201801-17", "reference_id": "GLSA-201801-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-17" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-9865" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9zx-mkrf-k3bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98495?format=api", "vulnerability_id": "VCID-qvy8-nuu4-ufc5", "summary": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37050.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37050.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20006", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2008", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37050" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274", "reference_id": "1274", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234527", "reference_id": "2234527", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234527" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990", "reference_id": "dcd5bd8238ea448addd102ff045badd0aca1b990", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html" }, { "reference_url": "https://usn.ubuntu.com/6508-1/", "reference_id": "USN-6508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6508-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2022-37050" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qvy8-nuu4-ufc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98490?format=api", "vulnerability_id": "VCID-qxhg-65zp-ufe2", "summary": "Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5375", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53807", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-23804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23804" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234526", "reference_id": "2234526", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234526" }, { "reference_url": "https://usn.ubuntu.com/6508-1/", "reference_id": "USN-6508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6508-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2020-23804" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxhg-65zp-ufe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98429?format=api", "vulnerability_id": "VCID-re3v-ymkc-53bt", "summary": "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8868.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8868.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.78249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01087", "scoring_system": "epss", "scoring_elements": "0.78274", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8868" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326225", "reference_id": "1326225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326225" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578", "reference_id": "822578", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578" }, { "reference_url": "https://security.gentoo.org/glsa/201611-15", "reference_id": "GLSA-201611-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2580", "reference_id": "RHSA-2016:2580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2580" }, { "reference_url": "https://usn.ubuntu.com/2958-1/", "reference_id": "USN-2958-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2958-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8868" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-re3v-ymkc-53bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98499?format=api", "vulnerability_id": "VCID-s2q8-deht-k3af", "summary": "A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08003", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08036", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278", "reference_id": "1278", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:06:03Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234530", "reference_id": "2234530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234530" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c", "reference_id": "8677500399fc2548fa816b619580c2c07915a98c", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:06:03Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c" }, { "reference_url": "https://usn.ubuntu.com/6508-1/", "reference_id": "USN-6508-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6508-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196032?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1" } ], "aliases": [ "CVE-2022-37052" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s2q8-deht-k3af" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98444?format=api", "vulnerability_id": "VCID-snd9-bt5h-6ycw", "summary": "In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15565.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15565.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70331", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70373", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510977", "reference_id": "1510977", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510977" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879066", "reference_id": "879066", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879066" }, { "reference_url": "https://usn.ubuntu.com/3467-1/", "reference_id": "USN-3467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3467-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-15565" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snd9-bt5h-6ycw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98464?format=api", "vulnerability_id": "VCID-spyc-te21-j3dk", "summary": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.79166", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0119", "scoring_system": "epss", "scoring_elements": "0.79193", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665266", "reference_id": "1665266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665266" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917325", "reference_id": "917325", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3865-1/", "reference_id": "USN-3865-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3865-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-20481" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-spyc-te21-j3dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98462?format=api", "vulnerability_id": "VCID-syex-x1gz-3yhj", "summary": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34888", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34984", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649450", "reference_id": "1649450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182", "reference_id": "913182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2018-19060" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syex-x1gz-3yhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98460?format=api", "vulnerability_id": "VCID-tusm-masj-pyag", "summary": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31787", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31858", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649440", "reference_id": "1649440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649440" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180", "reference_id": "913180", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2018-19059" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tusm-masj-pyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98487?format=api", "vulnerability_id": "VCID-uvcz-5mb9-syeq", "summary": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70671", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70714", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691724", "reference_id": "1691724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691724" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264", "reference_id": "925264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-9903" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uvcz-5mb9-syeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98480?format=api", "vulnerability_id": "VCID-v2g6-bhw9-z3am", "summary": "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01932", "scoring_system": "epss", "scoring_elements": "0.83721", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01932", "scoring_system": "epss", "scoring_elements": "0.83744", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797453", "reference_id": "1797453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797453" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812", "reference_id": "933812", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3977", "reference_id": "RHSA-2020:3977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4643", "reference_id": "RHSA-2020:4643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4643" }, { "reference_url": "https://usn.ubuntu.com/4091-1/", "reference_id": "USN-4091-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4091-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2019-14494" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v2g6-bhw9-z3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98452?format=api", "vulnerability_id": "VCID-v9g2-msy2-gbhc", "summary": "In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9406.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9406.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77842", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01046", "scoring_system": "epss", "scoring_elements": "0.77869", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458701", "reference_id": "1458701", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1458701" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864010", "reference_id": "864010", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864010" }, { "reference_url": "https://security.gentoo.org/glsa/201801-17", "reference_id": "GLSA-201801-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201801-17" }, { "reference_url": "https://usn.ubuntu.com/3350-1/", "reference_id": "USN-3350-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3350-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-9406" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9g2-msy2-gbhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3508?format=api", "vulnerability_id": "VCID-wgrw-vedu-j7gv", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27337.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.46938", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47004", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010695", "reference_id": "1010695", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010695" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087190", "reference_id": "2087190", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087190" }, { "reference_url": "https://security.archlinux.org/AVG-2812", "reference_id": "AVG-2812", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2812" }, { "reference_url": "https://security.gentoo.org/glsa/202509-01", "reference_id": "GLSA-202509-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202509-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7594", "reference_id": "RHSA-2022:7594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8151", "reference_id": "RHSA-2022:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8151" }, { "reference_url": "https://usn.ubuntu.com/6273-1/", "reference_id": "USN-6273-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6273-1/" }, { "reference_url": "https://usn.ubuntu.com/7687-1/", "reference_id": "USN-7687-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7687-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196031?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-25s4-qujz-8kcf" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4n4u-c4u9-kkep" }, { "vulnerability": "VCID-4y9q-jfwk-5bde" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-arhw-n285-r3dv" }, { "vulnerability": "VCID-e3pp-vnez-rude" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-r2f4-bgaw-t7gu" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-sw3e-49nw-w7fv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1" } ], "aliases": [ "CVE-2022-27337" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgrw-vedu-j7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98469?format=api", "vulnerability_id": "VCID-xbpw-d63u-vyc1", "summary": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65479", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65531", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-21009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1753850", "reference_id": "1753850", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1753850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2018-21009" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xbpw-d63u-vyc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98476?format=api", "vulnerability_id": "VCID-xsp3-9g35-m7b5", "summary": "A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56846", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56897", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850876", "reference_id": "1850876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" } ], "aliases": [ "CVE-2019-12360" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsp3-9g35-m7b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98436?format=api", "vulnerability_id": "VCID-y1fm-k61h-27hz", "summary": "In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67331", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00525", "scoring_system": "epss", "scoring_elements": "0.67373", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499905", "reference_id": "1499905", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499905" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876385", "reference_id": "876385", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876385" }, { "reference_url": "https://usn.ubuntu.com/3440-1/", "reference_id": "USN-3440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-14617" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1fm-k61h-27hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98430?format=api", "vulnerability_id": "VCID-yhxt-1rx2-cbc1", "summary": "freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000456.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000456.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000456", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72835", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72873", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000456" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531382", "reference_id": "1531382", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531382" }, { "reference_url": "https://security.gentoo.org/glsa/201804-03", "reference_id": "GLSA-201804-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-03" }, { "reference_url": "https://usn.ubuntu.com/3517-1/", "reference_id": "USN-3517-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3517-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4536?format=api", "purl": "pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-7ukn-38hy-dffs" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-e144-8aet-7kbn" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-re3v-ymkc-53bt" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-xsp3-9g35-m7b5" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/4882?format=api", "purl": "pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-161f-sfg7-8bhf" }, { "vulnerability": "VCID-1dky-1wb2-huaa" }, { "vulnerability": "VCID-1vfp-wqj8-pqh3" }, { "vulnerability": "VCID-2dsa-qkvf-h3fw" }, { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4hjh-cqg4-wqdk" }, { "vulnerability": "VCID-4msq-ukzj-d7ds" }, { "vulnerability": "VCID-4mt9-s54t-uub2" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-5py6-nrs3-13f5" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-62zk-x2n8-wudz" }, { "vulnerability": "VCID-6x2t-evww-sbdv" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-7nuu-hq66-67es" }, { "vulnerability": "VCID-7thh-twxp-j3fh" }, { "vulnerability": "VCID-81rk-djd7-wkau" }, { "vulnerability": "VCID-9gtz-2mce-kuf6" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-afbw-asht-7bbq" }, { "vulnerability": "VCID-aqh3-9esc-jqg7" }, { "vulnerability": "VCID-arjj-gn1s-yue1" }, { "vulnerability": "VCID-ax7h-qsmd-hyc9" }, { "vulnerability": "VCID-btq8-dzuk-4yfk" }, { "vulnerability": "VCID-bytg-r7hs-gyeg" }, { "vulnerability": "VCID-c2n4-uugz-wfac" }, { "vulnerability": "VCID-dwg9-w58z-ufh4" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fmqa-fers-5ydf" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-gg77-12mg-k7d2" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-mzzq-s6gj-k3hw" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nmgp-gqkw-xkd1" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-p76p-4a8h-cffj" }, { "vulnerability": "VCID-p82j-3rgh-tqgf" }, { "vulnerability": "VCID-q9zx-mkrf-k3bh" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-snd9-bt5h-6ycw" }, { "vulnerability": "VCID-spyc-te21-j3dk" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-v9g2-msy2-gbhc" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" }, { "vulnerability": "VCID-xbpw-d63u-vyc1" }, { "vulnerability": "VCID-y1fm-k61h-27hz" }, { "vulnerability": "VCID-yhxt-1rx2-cbc1" }, { "vulnerability": "VCID-zgt3-rj7n-vuah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2017-1000456" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhxt-1rx2-cbc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/98482?format=api", "vulnerability_id": "VCID-zgt3-rj7n-vuah", "summary": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7310.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48154", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48216", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7310" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7310" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672419", "reference_id": "1672419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672419" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921215", "reference_id": "921215", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921215" }, { "reference_url": "https://security.archlinux.org/AVG-869", "reference_id": "AVG-869", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-869" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3886-1/", "reference_id": "USN-3886-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3886-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5750?format=api", "purl": "pkg:deb/debian/poppler@0.71.0-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xrd-q3wc-kfhj" }, { "vulnerability": "VCID-4wbd-xbks-b3c7" }, { "vulnerability": "VCID-61wf-ahyh-dkb7" }, { "vulnerability": "VCID-75bw-nnk3-5ka5" }, { "vulnerability": "VCID-7bkp-b1ww-7qct" }, { "vulnerability": "VCID-7fge-bavn-4kb2" }, { "vulnerability": "VCID-7fqy-zt39-2ka2" }, { "vulnerability": "VCID-a3vs-h3s5-zbdw" }, { "vulnerability": "VCID-ezcv-cbva-kkbe" }, { "vulnerability": "VCID-fnfu-a29f-ryeg" }, { "vulnerability": "VCID-h257-3sze-qqbu" }, { "vulnerability": "VCID-hs9d-5q1m-97gk" }, { "vulnerability": "VCID-jvqj-5f2g-u7d7" }, { "vulnerability": "VCID-n1dm-zhps-eqes" }, { "vulnerability": "VCID-ndst-6nx1-1qcp" }, { "vulnerability": "VCID-nzk9-p4dt-wfg6" }, { "vulnerability": "VCID-qvy8-nuu4-ufc5" }, { "vulnerability": "VCID-qxhg-65zp-ufe2" }, { "vulnerability": "VCID-s2q8-deht-k3af" }, { "vulnerability": "VCID-syex-x1gz-3yhj" }, { "vulnerability": "VCID-tusm-masj-pyag" }, { "vulnerability": "VCID-uvcz-5mb9-syeq" }, { "vulnerability": "VCID-v2g6-bhw9-z3am" }, { "vulnerability": "VCID-wgrw-vedu-j7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5" } ], "aliases": [ "CVE-2019-7310" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgt3-rj7n-vuah" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u1~bpo70%252B1" }