Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-aq8b-jdtz-sua5

Summary

Multiple vulnerabilities have been found in Pango, the worst of
    which allow execution of arbitrary code or Denial of Service.

Aliases

alias	CVE-2009-1194

Fixed_packages

url	pkg:deb/debian/pango1.0@1.24.0-2?distro=trixie
purl	pkg:deb/debian/pango1.0@1.24.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.24.0-2%3Fdistro=trixie

url pkg:deb/debian/pango1.0@1.28.3-1%2Bsqueeze2

purl pkg:deb/debian/pango1.0@1.28.3-1%2Bsqueeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.28.3-1%252Bsqueeze2

url	pkg:deb/debian/pango1.0@1.46.2-3?distro=trixie
purl	pkg:deb/debian/pango1.0@1.46.2-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.46.2-3%3Fdistro=trixie

url	pkg:deb/debian/pango1.0@1.50.12%2Bds-1?distro=trixie
purl	pkg:deb/debian/pango1.0@1.50.12%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.50.12%252Bds-1%3Fdistro=trixie

url	pkg:deb/debian/pango1.0@1.56.3-1?distro=trixie
purl	pkg:deb/debian/pango1.0@1.56.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.56.3-1%3Fdistro=trixie

url	pkg:deb/debian/pango1.0@1.57.0-1?distro=trixie
purl	pkg:deb/debian/pango1.0@1.57.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.57.0-1%3Fdistro=trixie

url	pkg:deb/debian/pango1.0@1.57.1-1?distro=trixie
purl	pkg:deb/debian/pango1.0@1.57.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.57.1-1%3Fdistro=trixie

url	pkg:deb/debian/pango1.0@1.57.1-2?distro=trixie
purl	pkg:deb/debian/pango1.0@1.57.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.57.1-2%3Fdistro=trixie

url	pkg:ebuild/x11-libs/pango@1.28.3-r1
purl	pkg:ebuild/x11-libs/pango@1.28.3-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/x11-libs/pango@1.28.3-r1

Affected_packages

url pkg:deb/debian/pango1.0@1.0.1-3

purl pkg:deb/debian/pango1.0@1.0.1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a2tx-5gg2-ebak

vulnerability	VCID-aq8b-jdtz-sua5

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

vulnerability	VCID-pwrz-qmw8-3qgq

vulnerability	VCID-wgkb-c5ny-pfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.0.1-3

url pkg:deb/debian/pango1.0@1.8.1-1

purl pkg:deb/debian/pango1.0@1.8.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a2tx-5gg2-ebak

vulnerability	VCID-aq8b-jdtz-sua5

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

vulnerability	VCID-pwrz-qmw8-3qgq

vulnerability	VCID-wgkb-c5ny-pfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.8.1-1

url pkg:deb/debian/pango1.0@1.14.8-5

purl pkg:deb/debian/pango1.0@1.14.8-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a2tx-5gg2-ebak

vulnerability	VCID-aq8b-jdtz-sua5

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

vulnerability	VCID-pwrz-qmw8-3qgq

vulnerability	VCID-wgkb-c5ny-pfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.14.8-5

url pkg:deb/debian/pango1.0@1.14.8-5%2Betch1

purl pkg:deb/debian/pango1.0@1.14.8-5%2Betch1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a2tx-5gg2-ebak

vulnerability	VCID-aq8b-jdtz-sua5

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

vulnerability	VCID-pwrz-qmw8-3qgq

vulnerability	VCID-wgkb-c5ny-pfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.14.8-5%252Betch1

url pkg:deb/debian/pango1.0@1.20.5-6

purl pkg:deb/debian/pango1.0@1.20.5-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a2tx-5gg2-ebak

vulnerability	VCID-aq8b-jdtz-sua5

vulnerability	VCID-dzpc-cu9r-cfam

vulnerability	VCID-j9wd-5mav-47cx

vulnerability	VCID-pjvc-337r-nucz

vulnerability	VCID-pwrz-qmw8-3qgq

vulnerability	VCID-wgkb-c5ny-pfg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pango1.0@1.20.5-6

url pkg:rpm/redhat/evolution28-pango@1.14.9-11?arch=el4_7

purl pkg:rpm/redhat/evolution28-pango@1.14.9-11?arch=el4_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-aq8b-jdtz-sua5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/evolution28-pango@1.14.9-11%3Farch=el4_7

url pkg:rpm/redhat/pango@1.6.0-14?arch=4_7

purl pkg:rpm/redhat/pango@1.6.0-14?arch=4_7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-aq8b-jdtz-sua5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pango@1.6.0-14%3Farch=4_7

url pkg:rpm/redhat/pango@1.14.9-5?arch=el5_3

purl pkg:rpm/redhat/pango@1.14.9-5?arch=el5_3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-aq8b-jdtz-sua5

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/pango@1.14.9-5%3Farch=el5_3

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1194.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1194.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-1194

reference_id

reference_type

scores

value	0.0485
scoring_system	epss
scoring_elements	0.89569
published_at	2026-04-29T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89501
published_at	2026-04-01T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89505
published_at	2026-04-02T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89517
published_at	2026-04-04T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89518
published_at	2026-04-07T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89534
published_at	2026-04-08T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89537
published_at	2026-04-13T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89545
published_at	2026-04-11T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89542
published_at	2026-04-12T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89551
published_at	2026-04-16T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89553
published_at	2026-04-18T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.8955
published_at	2026-04-21T12:55:00Z

value	0.0485
scoring_system	epss
scoring_elements	0.89565
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-1194

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=496887
reference_id	496887
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=496887

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527474
reference_id	527474
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527474

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
reference_id	CVE-2009-1194
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194

reference_url	https://security.gentoo.org/glsa/201405-13
reference_id	GLSA-201405-13
reference_type
scores
url	https://security.gentoo.org/glsa/201405-13

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2009-36

reference_id

mfsa2009-36

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2009-36

reference_url	https://access.redhat.com/errata/RHSA-2009:0476
reference_id	RHSA-2009:0476
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:0476

reference_url	https://usn.ubuntu.com/773-1/
reference_id	USN-773-1
reference_type
scores
url	https://usn.ubuntu.com/773-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aq8b-jdtz-sua5

Vulnerability Instance