Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/poppler@0.85.0-2?distro=trixie

Type deb

Namespace debian

Name poppler

Version 0.85.0-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 20.09.0-1

Latest_non_vulnerable_version 25.03.0-11.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2ck3-hjtt-hbax

vulnerability_id VCID-2ck3-hjtt-hbax

summary poppler: pdftohtml: access to uninitialized pointer could lead to DoS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-27778

reference_id

reference_type

scores

value	0.00283
scoring_system	epss
scoring_elements	0.51622
published_at	2026-04-01T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51673
published_at	2026-04-02T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51698
published_at	2026-04-04T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51658
published_at	2026-04-07T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51712
published_at	2026-04-08T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51708
published_at	2026-04-09T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51758
published_at	2026-04-11T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51736
published_at	2026-04-12T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51719
published_at	2026-04-13T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.5176
published_at	2026-04-16T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51767
published_at	2026-04-18T12:55:00Z

value	0.00283
scoring_system	epss
scoring_elements	0.51747
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-27778

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1900712
reference_id	1900712
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1900712

reference_url	https://access.redhat.com/errata/RHSA-2021:1881
reference_id	RHSA-2021:1881
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1881

reference_url	https://usn.ubuntu.com/4646-1/
reference_id	USN-4646-1
reference_type
scores
url	https://usn.ubuntu.com/4646-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2020-27778

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ck3-hjtt-hbax

url VCID-5py7-z1gg-9fet

vulnerability_id VCID-5py7-z1gg-9fet

summary poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14494

reference_id

reference_type

scores

value	0.01969
scoring_system	epss
scoring_elements	0.83467
published_at	2026-04-01T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.8348
published_at	2026-04-02T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83494
published_at	2026-04-04T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83493
published_at	2026-04-07T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83518
published_at	2026-04-08T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83527
published_at	2026-04-09T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83542
published_at	2026-04-11T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83536
published_at	2026-04-12T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83532
published_at	2026-04-13T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83566
published_at	2026-04-16T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83567
published_at	2026-04-18T12:55:00Z

value	0.01969
scoring_system	epss
scoring_elements	0.83568
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1797453
reference_id	1797453
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1797453

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812
reference_id	933812
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812

reference_url	https://access.redhat.com/errata/RHSA-2020:3977
reference_id	RHSA-2020:3977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3977

reference_url	https://access.redhat.com/errata/RHSA-2020:4643
reference_id	RHSA-2020:4643
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4643

reference_url	https://usn.ubuntu.com/4091-1/
reference_id	USN-4091-1
reference_type
scores
url	https://usn.ubuntu.com/4091-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2019-14494

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5py7-z1gg-9fet

url VCID-8t2a-b56v-tqcs

vulnerability_id VCID-8t2a-b56v-tqcs

summary poppler: stack consumption in function Dict::find() in Dict.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9903

reference_id

reference_type

scores

value	0.00732
scoring_system	epss
scoring_elements	0.72654
published_at	2026-04-01T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72751
published_at	2026-04-21T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72706
published_at	2026-04-13T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72748
published_at	2026-04-16T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72759
published_at	2026-04-18T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72662
published_at	2026-04-02T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-04T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72657
published_at	2026-04-07T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72696
published_at	2026-04-08T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72709
published_at	2026-04-09T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72733
published_at	2026-04-11T12:55:00Z

value	0.00732
scoring_system	epss
scoring_elements	0.72716
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9903

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.freedesktop.org/poppler/poppler/issues/741
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/poppler/poppler/issues/741

reference_url	https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/

reference_url	https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/
reference_id
reference_type
scores
url	https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/

reference_url	http://www.securityfocus.com/bid/107560
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107560

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1691724
reference_id	1691724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1691724

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264
reference_id	925264
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*
reference_id	cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-9903

reference_id

CVE-2019-9903

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-9903

reference_url	https://access.redhat.com/errata/RHSA-2019:2713
reference_id	RHSA-2019:2713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2713

reference_url	https://usn.ubuntu.com/4042-1/
reference_id	USN-4042-1
reference_type
scores
url	https://usn.ubuntu.com/4042-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2019-9903

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t2a-b56v-tqcs

url VCID-96jm-1vhy-eyfd

vulnerability_id VCID-96jm-1vhy-eyfd

summary poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-11026

reference_id

reference_type

scores

value	0.00514
scoring_system	epss
scoring_elements	0.66509
published_at	2026-04-01T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66615
published_at	2026-04-21T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.6658
published_at	2026-04-13T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66616
published_at	2026-04-16T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66631
published_at	2026-04-18T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66549
published_at	2026-04-02T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66574
published_at	2026-04-04T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66546
published_at	2026-04-07T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66593
published_at	2026-04-08T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66607
published_at	2026-04-09T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66626
published_at	2026-04-11T12:55:00Z

value	0.00514
scoring_system	epss
scoring_elements	0.66614
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-11026

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.freedesktop.org/poppler/poppler/issues/752
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/poppler/poppler/issues/752

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/

reference_url	https://research.loginsoft.com/bugs/1508/
reference_id
reference_type
scores
url	https://research.loginsoft.com/bugs/1508/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1699862
reference_id	1699862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1699862

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721
reference_id	926721
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.75.0:::::::*
reference_id	cpe:2.3:a:freedesktop:poppler:0.75.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.75.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-11026

reference_id

CVE-2019-11026

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-11026

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2019-11026

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96jm-1vhy-eyfd

url VCID-crcj-9bh9-7kb7

vulnerability_id VCID-crcj-9bh9-7kb7

summary poppler: integer overflow in JPXStream::init function leading to memory consumption

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-9959

reference_id

reference_type

scores

value	0.01488
scoring_system	epss
scoring_elements	0.80977
published_at	2026-04-01T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.80986
published_at	2026-04-02T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81009
published_at	2026-04-04T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81008
published_at	2026-04-07T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81036
published_at	2026-04-08T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81043
published_at	2026-04-09T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.8106
published_at	2026-04-11T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81047
published_at	2026-04-12T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81039
published_at	2026-04-13T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81077
published_at	2026-04-16T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81078
published_at	2026-04-18T12:55:00Z

value	0.01488
scoring_system	epss
scoring_elements	0.81075
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-9959

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1732340
reference_id	1732340
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1732340

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776
reference_id	941776
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776

reference_url	https://access.redhat.com/errata/RHSA-2019:2713
reference_id	RHSA-2019:2713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2713

reference_url	https://access.redhat.com/errata/RHSA-2020:1074
reference_id	RHSA-2020:1074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1074

reference_url	https://usn.ubuntu.com/4646-1/
reference_id	USN-4646-1
reference_type
scores
url	https://usn.ubuntu.com/4646-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2019-9959

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crcj-9bh9-7kb7

url VCID-cwyp-gapg-yufk

vulnerability_id VCID-cwyp-gapg-yufk

summary poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20650

reference_id

reference_type

scores

value	0.00355
scoring_system	epss
scoring_elements	0.57699
published_at	2026-04-01T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57812
published_at	2026-04-21T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57808
published_at	2026-04-13T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57837
published_at	2026-04-16T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57836
published_at	2026-04-18T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57783
published_at	2026-04-02T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57803
published_at	2026-04-04T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57778
published_at	2026-04-07T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57833
published_at	2026-04-08T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57834
published_at	2026-04-09T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57851
published_at	2026-04-11T12:55:00Z

value	0.00355
scoring_system	epss
scoring_elements	0.57829
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20650

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7

reference_url	https://gitlab.freedesktop.org/poppler/poppler/issues/704
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/poppler/poppler/issues/704

reference_url	https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html

reference_url	https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html

reference_url	https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html

reference_url	http://www.securityfocus.com/bid/106459
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106459

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1665263
reference_id	1665263
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1665263

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974
reference_id	917974
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.72.0:::::::*
reference_id	cpe:2.3:a:freedesktop:poppler:0.72.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.72.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20650

reference_id

CVE-2018-20650

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20650

reference_url	https://access.redhat.com/errata/RHSA-2019:2022
reference_id	RHSA-2019:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2022

reference_url	https://access.redhat.com/errata/RHSA-2019:2713
reference_id	RHSA-2019:2713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2713

reference_url	https://usn.ubuntu.com/3865-1/
reference_id	USN-3865-1
reference_type
scores
url	https://usn.ubuntu.com/3865-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2018-20650

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwyp-gapg-yufk

url VCID-ervj-1sdg-b3bm

vulnerability_id VCID-ervj-1sdg-b3bm

summary poppler: pdfdetach utility does not validate save paths

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19060

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35073
published_at	2026-04-01T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35273
published_at	2026-04-02T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35301
published_at	2026-04-04T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35182
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35227
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35252
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35256
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35221
published_at	2026-04-18T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35197
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35235
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35172
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19060

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1649450
reference_id	1649450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1649450

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182
reference_id	913182
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182

reference_url	https://access.redhat.com/errata/RHSA-2019:2022
reference_id	RHSA-2019:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2022

reference_url	https://usn.ubuntu.com/3837-1/
reference_id	USN-3837-1
reference_type
scores
url	https://usn.ubuntu.com/3837-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2018-19060

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ervj-1sdg-b3bm

url VCID-k1uz-1eqt-pbc6

vulnerability_id VCID-k1uz-1eqt-pbc6

summary poppler: buffer overflow in HtmlOutputDev::page

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-18839

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.39864
published_at	2026-04-01T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40012
published_at	2026-04-02T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39919
published_at	2026-04-21T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40028
published_at	2026-04-16T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39999
published_at	2026-04-18T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40038
published_at	2026-04-04T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39958
published_at	2026-04-07T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40011
published_at	2026-04-08T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40025
published_at	2026-04-09T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.40035
published_at	2026-04-11T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39998
published_at	2026-04-12T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39978
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-18839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2234524
reference_id	2234524
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2234524

reference_url

https://gitlab.freedesktop.org/poppler/poppler/issues/742

reference_id

742

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:29:54Z/

url

https://gitlab.freedesktop.org/poppler/poppler/issues/742

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2020-18839

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1uz-1eqt-pbc6

url VCID-s3q2-uvnc-wfep

vulnerability_id VCID-s3q2-uvnc-wfep

summary poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10871

reference_id

reference_type

scores

value	0.00628
scoring_system	epss
scoring_elements	0.70182
published_at	2026-04-01T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70276
published_at	2026-04-21T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70244
published_at	2026-04-13T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70286
published_at	2026-04-16T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70295
published_at	2026-04-18T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70194
published_at	2026-04-02T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70211
published_at	2026-04-04T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70188
published_at	2026-04-07T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70234
published_at	2026-04-08T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70249
published_at	2026-04-09T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70272
published_at	2026-04-11T12:55:00Z

value	0.00628
scoring_system	epss
scoring_elements	0.70257
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10871

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.freedesktop.org/poppler/poppler/issues/751
reference_id
reference_type
scores
url	https://gitlab.freedesktop.org/poppler/poppler/issues/751

reference_url	https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html

reference_url	https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/

reference_url	http://www.securityfocus.com/bid/107862
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107862

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696636
reference_id	1696636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696636

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529
reference_id	926529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*
reference_id	cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10871

reference_id

CVE-2019-10871

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10871

reference_url	https://access.redhat.com/errata/RHSA-2019:2713
reference_id	RHSA-2019:2713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2713

reference_url	https://access.redhat.com/errata/RHSA-2020:1074
reference_id	RHSA-2020:1074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1074

reference_url	https://usn.ubuntu.com/4646-1/
reference_id	USN-4646-1
reference_type
scores
url	https://usn.ubuntu.com/4646-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2019-10871

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3q2-uvnc-wfep

url VCID-tt3h-qbbv-zuev

vulnerability_id VCID-tt3h-qbbv-zuev

summary poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18897

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.3556
published_at	2026-04-21T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35581
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.3562
published_at	2026-04-16T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35609
published_at	2026-04-18T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41653
published_at	2026-04-04T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4163
published_at	2026-04-08T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41639
published_at	2026-04-09T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41663
published_at	2026-04-11T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41629
published_at	2026-04-12T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41536
published_at	2026-04-01T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.4158
published_at	2026-04-07T12:55:00Z

value	0.00197
scoring_system	epss
scoring_elements	0.41626
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18897

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1646546
reference_id	1646546
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1646546

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164
reference_id	913164
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164

reference_url	https://access.redhat.com/errata/RHSA-2019:2022
reference_id	RHSA-2019:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2022

reference_url	https://access.redhat.com/errata/RHSA-2019:2713
reference_id	RHSA-2019:2713
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2713

reference_url	https://usn.ubuntu.com/4042-1/
reference_id	USN-4042-1
reference_type
scores
url	https://usn.ubuntu.com/4042-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2018-18897

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tt3h-qbbv-zuev

url VCID-wbyn-9mx6-a3gd

vulnerability_id VCID-wbyn-9mx6-a3gd

summary poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19059

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.3222
published_at	2026-04-01T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32355
published_at	2026-04-02T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32392
published_at	2026-04-04T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32217
published_at	2026-04-07T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32266
published_at	2026-04-08T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32295
published_at	2026-04-09T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32296
published_at	2026-04-11T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32258
published_at	2026-04-12T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32226
published_at	2026-04-13T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32261
published_at	2026-04-16T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32241
published_at	2026-04-18T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32212
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19059

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1649440
reference_id	1649440
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1649440

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180
reference_id	913180
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180

reference_url	https://access.redhat.com/errata/RHSA-2019:2022
reference_id	RHSA-2019:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2022

reference_url	https://usn.ubuntu.com/3837-1/
reference_id	USN-3837-1
reference_type
scores
url	https://usn.ubuntu.com/3837-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2018-19059

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbyn-9mx6-a3gd

url VCID-zzy2-1yr8-83cf

vulnerability_id VCID-zzy2-1yr8-83cf

summary poppler: reachable abort in Object.h

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19058

reference_id

reference_type

scores

value	0.00276
scoring_system	epss
scoring_elements	0.50976
published_at	2026-04-01T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51029
published_at	2026-04-02T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51054
published_at	2026-04-04T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51011
published_at	2026-04-07T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51068
published_at	2026-04-08T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51065
published_at	2026-04-09T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51108
published_at	2026-04-11T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51087
published_at	2026-04-12T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51071
published_at	2026-04-13T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.5111
published_at	2026-04-16T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51116
published_at	2026-04-18T12:55:00Z

value	0.00276
scoring_system	epss
scoring_elements	0.51093
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19058

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1649435
reference_id	1649435
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1649435

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177
reference_id	913177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177

reference_url	https://access.redhat.com/errata/RHSA-2019:2022
reference_id	RHSA-2019:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:2022

reference_url	https://usn.ubuntu.com/3837-1/
reference_id	USN-3837-1
reference_type
scores
url	https://usn.ubuntu.com/3837-1/

fixed_packages

url	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.85.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2018-19058

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zzy2-1yr8-83cf

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie

Package Instance