Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie

Type deb

Namespace debian

Name poppler

Version 20.09.0-3.1+deb11u2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 22.08.0-2

Latest_non_vulnerable_version 25.03.0-11.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-48ua-ch85-w3cg

vulnerability_id VCID-48ua-ch85-w3cg

summary poppler: Reachable assertion in Object.h

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38349.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-38349

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05484
published_at	2026-04-26T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05403
published_at	2026-04-21T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05443
published_at	2026-04-24T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05714
published_at	2026-04-02T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05755
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05751
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.0579
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05815
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05794
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05785
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05779
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05743
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-38349

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282

reference_id

1282

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2251630
reference_id	2251630
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2251630

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28

reference_id

4564a002bcb6094cc460bc0d5ddff9423fe6dd28

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:39:03Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28

reference_url	https://usn.ubuntu.com/6508-1/
reference_id	USN-6508-1
reference_type
scores
url	https://usn.ubuntu.com/6508-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.12.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.12.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2022-38349

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48ua-ch85-w3cg

url VCID-4ucr-xaac-7uc7

vulnerability_id VCID-4ucr-xaac-7uc7

summary poppler: Floating-Point Exception in Poppler

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32364.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32364

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26434
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26319
published_at	2026-04-08T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26478
published_at	2026-04-04T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26252
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26371
published_at	2026-04-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.2638
published_at	2026-04-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26333
published_at	2026-04-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26275
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26281
published_at	2026-04-16T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26256
published_at	2026-04-18T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29831
published_at	2026-04-21T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29755
published_at	2026-04-24T12:55:00Z

value	0.00113
scoring_system	epss
scoring_elements	0.29642
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32364

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190
reference_id	1102190
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102190

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574

reference_id

1574

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2357657
reference_id	2357657
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2357657

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

reference_id

d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T16:06:56Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3

reference_url	https://usn.ubuntu.com/7426-1/
reference_id	USN-7426-1
reference_type
scores
url	https://usn.ubuntu.com/7426-1/

reference_url	https://usn.ubuntu.com/7426-2/
reference_id	USN-7426-2
reference_type
scores
url	https://usn.ubuntu.com/7426-2/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-3?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-3%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2025-32364

risk_score 1.8

exploitability 0.5

weighted_severity 3.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ucr-xaac-7uc7

url VCID-72nw-9jgd-4kdw

vulnerability_id VCID-72nw-9jgd-4kdw

summary poppler: abort in main() in pdfunite.cc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37051.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37051.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37051

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13629
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1369
published_at	2026-04-04T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1349
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13571
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13621
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13593
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13556
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13508
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1342
published_at	2026-04-16T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13416
published_at	2026-04-18T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13489
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13496
published_at	2026-04-24T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13468
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37051

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37051
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37051

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2234528
reference_id	2234528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2234528

reference_url	https://usn.ubuntu.com/6508-1/
reference_id	USN-6508-1
reference_type
scores
url	https://usn.ubuntu.com/6508-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.08.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2022-37051

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-72nw-9jgd-4kdw

url VCID-bc96-6vy6-ryfz

vulnerability_id VCID-bc96-6vy6-ryfz

summary poppler: Stack-Overflow in `FoFiType1C::cvtGlyph`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36023

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.20984
published_at	2026-04-01T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21138
published_at	2026-04-02T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.208
published_at	2026-04-26T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20955
published_at	2026-04-18T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20935
published_at	2026-04-21T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20804
published_at	2026-04-24T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21193
published_at	2026-04-04T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20906
published_at	2026-04-07T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20987
published_at	2026-04-08T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21048
published_at	2026-04-09T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21064
published_at	2026-04-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.2102
published_at	2026-04-12T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20968
published_at	2026-04-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.20956
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013

reference_id

1013

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2231510
reference_id	2231510
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2231510

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html

reference_id

msg00017.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html

reference_url	https://usn.ubuntu.com/6299-1/
reference_id	USN-6299-1
reference_type
scores
url	https://usn.ubuntu.com/6299-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.08.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2020-36023

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bc96-6vy6-ryfz

url VCID-c4wz-u632-eyeh

vulnerability_id VCID-c4wz-u632-eyeh

summary poppler: abort in PDFDoc::savePageAs in PDFDoc.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37050.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37050.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37050

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19984
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19687
published_at	2026-04-26T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19912
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19869
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19811
published_at	2026-04-13T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19783
published_at	2026-04-16T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19786
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19799
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19693
published_at	2026-04-24T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20043
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19769
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19849
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19903
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274

reference_id

1274

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2234527
reference_id	2234527
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2234527

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990

reference_id

dcd5bd8238ea448addd102ff045badd0aca1b990

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990

reference_url

https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html

reference_id

msg00022.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-02T14:19:32Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html

reference_url	https://usn.ubuntu.com/6508-1/
reference_id	USN-6508-1
reference_type
scores
url	https://usn.ubuntu.com/6508-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.08.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2022-37050

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c4wz-u632-eyeh

url VCID-d5fj-5prg-97f4

vulnerability_id VCID-d5fj-5prg-97f4

summary poppler: Out-of-Bounds Read in Poppler

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32365.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32365

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23524
published_at	2026-04-02T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23184
published_at	2026-04-26T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23391
published_at	2026-04-13T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23408
published_at	2026-04-16T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23403
published_at	2026-04-18T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23385
published_at	2026-04-21T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23195
published_at	2026-04-24T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23561
published_at	2026-04-04T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23343
published_at	2026-04-07T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23416
published_at	2026-04-08T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23466
published_at	2026-04-09T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23484
published_at	2026-04-11T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23446
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32365

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102191
reference_id	1102191
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102191

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577

reference_id

1577

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792

reference_id

1792

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:43:55Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2357656
reference_id	2357656
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2357656

reference_url	https://access.redhat.com/errata/RHSA-2026:0126
reference_id	RHSA-2026:0126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0126

reference_url	https://access.redhat.com/errata/RHSA-2026:0128
reference_id	RHSA-2026:0128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0128

reference_url	https://access.redhat.com/errata/RHSA-2026:0130
reference_id	RHSA-2026:0130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0130

reference_url	https://access.redhat.com/errata/RHSA-2026:0772
reference_id	RHSA-2026:0772
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0772

reference_url	https://access.redhat.com/errata/RHSA-2026:0773
reference_id	RHSA-2026:0773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0773

reference_url	https://access.redhat.com/errata/RHSA-2026:0774
reference_id	RHSA-2026:0774
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0774

reference_url	https://access.redhat.com/errata/RHSA-2026:0795
reference_id	RHSA-2026:0795
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0795

reference_url	https://access.redhat.com/errata/RHSA-2026:0796
reference_id	RHSA-2026:0796
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0796

reference_url	https://access.redhat.com/errata/RHSA-2026:0797
reference_id	RHSA-2026:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0797

reference_url	https://access.redhat.com/errata/RHSA-2026:0799
reference_id	RHSA-2026:0799
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0799

reference_url	https://access.redhat.com/errata/RHSA-2026:1090
reference_id	RHSA-2026:1090
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1090

reference_url	https://access.redhat.com/errata/RHSA-2026:1091
reference_id	RHSA-2026:1091
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1091

reference_url	https://usn.ubuntu.com/7426-1/
reference_id	USN-7426-1
reference_type
scores
url	https://usn.ubuntu.com/7426-1/

reference_url	https://usn.ubuntu.com/7426-2/
reference_id	USN-7426-2
reference_type
scores
url	https://usn.ubuntu.com/7426-2/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-3?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-3%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2025-32365

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5fj-5prg-97f4

url VCID-n1sx-y7xc-kqfb

vulnerability_id VCID-n1sx-y7xc-kqfb

summary poppler: NULL pointer dereference in `FoFiType1C::convertToType1`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36024

reference_id

reference_type

scores

value	0.00095
scoring_system	epss
scoring_elements	0.26431
published_at	2026-04-11T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26481
published_at	2026-04-02T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26196
published_at	2026-04-26T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26308
published_at	2026-04-18T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26272
published_at	2026-04-21T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26203
published_at	2026-04-24T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26524
published_at	2026-04-04T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26305
published_at	2026-04-07T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26373
published_at	2026-04-08T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26423
published_at	2026-04-09T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26385
published_at	2026-04-12T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26327
published_at	2026-04-13T12:55:00Z

value	0.00095
scoring_system	epss
scoring_elements	0.26335
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36024

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016

reference_id

1016

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2231520
reference_id	2231520
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2231520

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html

reference_id

msg00017.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html

reference_url	https://access.redhat.com/errata/RHSA-2024:2979
reference_id	RHSA-2024:2979
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2979

reference_url	https://usn.ubuntu.com/6299-1/
reference_id	USN-6299-1
reference_type
scores
url	https://usn.ubuntu.com/6299-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.08.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2020-36024

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1sx-y7xc-kqfb

url VCID-nqqu-29qr-wfec

vulnerability_id VCID-nqqu-29qr-wfec

summary poppler: reachable assertion due to a failure in markObject()

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37052.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37052.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37052

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07427
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07498
published_at	2026-04-26T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07418
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07547
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07508
published_at	2026-04-24T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07469
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07451
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07509
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07532
published_at	2026-04-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07534
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0752
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07507
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07429
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37052

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278

reference_id

1278

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:06:03Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2234530
reference_id	2234530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2234530

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c

reference_id

8677500399fc2548fa816b619580c2c07915a98c

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T19:06:03Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c

reference_url	https://usn.ubuntu.com/6508-1/
reference_id	USN-6508-1
reference_type
scores
url	https://usn.ubuntu.com/6508-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
purl	pkg:deb/debian/poppler@22.08.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.08.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2022-37052

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqu-29qr-wfec

url VCID-tfe8-bq62-3ke4

vulnerability_id VCID-tfe8-bq62-3ke4

summary Poppler: out-of-bounds read

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56378.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56378

reference_id

reference_type

scores

value	0.00305
scoring_system	epss
scoring_elements	0.53742
published_at	2026-04-26T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53774
published_at	2026-04-11T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53757
published_at	2026-04-12T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53741
published_at	2026-04-13T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53779
published_at	2026-04-16T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53783
published_at	2026-04-18T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53765
published_at	2026-04-21T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53731
published_at	2026-04-24T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53679
published_at	2026-04-02T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53707
published_at	2026-04-04T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53675
published_at	2026-04-07T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53728
published_at	2026-04-08T12:55:00Z

value	0.00305
scoring_system	epss
scoring_elements	0.53725
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56378

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091322
reference_id	1091322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091322

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553

reference_id

1553

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2333794
reference_id	2333794
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2333794

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e

reference_id

ade9b5ebed44b0c15522c27669ef6cdf93eff84e

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e

reference_url

https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621

reference_id

CMakeLists.txt#L621

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-26T19:27:24Z/

url

https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621

reference_url	https://usn.ubuntu.com/7213-1/
reference_id	USN-7213-1
reference_type
scores
url	https://usn.ubuntu.com/7213-1/

fixed_packages

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-48d5-zxmm-r3g4

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-anb3-1s96-wbaq

vulnerability	VCID-ygrf-gq35-fkfd

vulnerability	VCID-yy6j-1h5z-wbgp

vulnerability	VCID-yyxy-juya-a3f1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/poppler@24.08.0-4?distro=trixie
purl	pkg:deb/debian/poppler@24.08.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@24.08.0-4%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a8zz-dfdm-1uf7

vulnerability	VCID-yy6j-1h5z-wbgp

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
purl	pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

aliases CVE-2024-56378

risk_score 2.0

exploitability 0.5

weighted_severity 4.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfe8-bq62-3ke4

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u2%3Fdistro=trixie

Package Instance