VulnerableCode Package Details - pkg:deb/debian/poco@1.14.2-6?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2yhr-1v3n-p7a4	Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.	CVE-2023-52389
VCID-4zzy-q5zp-jkgm	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3720
VCID-546e-svdf-fyac	A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.	CVE-2025-6375
VCID-7pjn-2s13-d7by	The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.	CVE-2014-0350
VCID-9tkd-v4dq-2bd4	security update	CVE-2017-1000472
VCID-qtav-hqnd-b7fa	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3560

Vulnerability

Summary

Aliases

VCID-2yhr-1v3n-p7a4

Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

CVE-2023-52389

VCID-4zzy-q5zp-jkgm

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.

CVE-2009-3720

VCID-546e-svdf-fyac

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

CVE-2025-6375

VCID-7pjn-2s13-d7by

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.

CVE-2014-0350

VCID-9tkd-v4dq-2bd4

security update

CVE-2017-1000472

VCID-qtav-hqnd-b7fa

CVE-2009-3560

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:41:23.498749+00:00	Debian Importer	Fixing	VCID-9tkd-v4dq-2bd4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:54:24.207330+00:00	Debian Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:43:21.890408+00:00	Debian Importer	Fixing	VCID-7pjn-2s13-d7by	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:39:15.872174+00:00	Debian Importer	Fixing	VCID-2yhr-1v3n-p7a4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:11:10.795814+00:00	Debian Importer	Fixing	VCID-qtav-hqnd-b7fa	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:13:52.840949+00:00	Debian Importer	Fixing	VCID-9tkd-v4dq-2bd4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:37:45.671196+00:00	Debian Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:13.624877+00:00	Debian Importer	Fixing	VCID-7pjn-2s13-d7by	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:25:29.616591+00:00	Debian Importer	Fixing	VCID-2yhr-1v3n-p7a4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:55.547381+00:00	Debian Importer	Fixing	VCID-qtav-hqnd-b7fa	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-06T03:06:05.881260+00:00	Debian Importer	Fixing	VCID-546e-svdf-fyac	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:05.827346+00:00	Debian Importer	Fixing	VCID-2yhr-1v3n-p7a4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:05.780463+00:00	Debian Importer	Fixing	VCID-9tkd-v4dq-2bd4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:05.739131+00:00	Debian Importer	Fixing	VCID-7pjn-2s13-d7by	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:05.691245+00:00	Debian Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-06T03:06:05.643094+00:00	Debian Importer	Fixing	VCID-qtav-hqnd-b7fa	https://security-tracker.debian.org/tracker/data/json	38.1.0