VulnerableCode Package Details - pkg:deb/debian/poco@1.10.0-6%2Bdeb11u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-2yhr-1v3n-p7a4 Aliases: CVE-2023-52389	Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.	1.11.0-3+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-546e-svdf-fyac Aliases: CVE-2025-6375	A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.	1.14.2-3 Affected by 0 other vulnerabilities. 1.14.2-4 Affected by 0 other vulnerabilities. 1.14.2-6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2yhr-1v3n-p7a4
Aliases:
CVE-2023-52389

Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

1.11.0-3+deb12u1
Affected by 1 other vulnerability.

VCID-546e-svdf-fyac
Aliases:
CVE-2025-6375

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

1.14.2-3
Affected by 0 other vulnerabilities.

1.14.2-4
Affected by 0 other vulnerabilities.

1.14.2-6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:40:53.808826+00:00	Debian Importer	Affected by	VCID-546e-svdf-fyac	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T17:50:12.453507+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T18:26:26.391729+00:00	Debian Importer	Affected by	VCID-546e-svdf-fyac	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:36:13.981109+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T18:17:19.538116+00:00	Debian Importer	Affected by	VCID-546e-svdf-fyac	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T17:23:44.996321+00:00	Debian Oval Importer	Affected by	VCID-2yhr-1v3n-p7a4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0