Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/poppler@0.69.0-2?distro=trixie

Type deb

Namespace debian

Name poppler

Version 0.69.0-2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.71.0-2

Latest_non_vulnerable_version 26.01.0-4.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4hjh-cqg4-wqdk

vulnerability_id VCID-4hjh-cqg4-wqdk

summary The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18267

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.51066
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1578777
reference_id	1578777
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1578777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357
reference_id	898357
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357

reference_url	https://access.redhat.com/errata/RHSA-2018:3140
reference_id	RHSA-2018:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3140

fixed_packages

url	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.69.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

url	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
purl	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie

aliases CVE-2017-18267

risk_score 2.3

exploitability 0.5

weighted_severity 4.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk

url VCID-fmqa-fers-5ydf

vulnerability_id VCID-fmqa-fers-5ydf

summary Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-13988

reference_id

reference_type

scores

value	0.00696
scoring_system	epss
scoring_elements	0.72309
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-13988

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1602838
reference_id	1602838
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1602838

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922
reference_id	904922
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922

reference_url	https://access.redhat.com/errata/RHSA-2018:3140
reference_id	RHSA-2018:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:3140

fixed_packages

url	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.69.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

url	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
purl	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie

aliases CVE-2018-13988

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf

url VCID-xbpw-d63u-vyc1

vulnerability_id VCID-xbpw-d63u-vyc1

summary Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-21009

reference_id

reference_type

scores

value	0.00481
scoring_system	epss
scoring_elements	0.65479
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-21009

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1753850
reference_id	1753850
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1753850

reference_url	https://access.redhat.com/errata/RHSA-2020:1074
reference_id	RHSA-2020:1074
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1074

fixed_packages

url	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
purl	pkg:deb/debian/poppler@0.69.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.69.0-2%3Fdistro=trixie

url pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-25s4-qujz-8kcf

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-arhw-n285-r3dv

vulnerability	VCID-e3pp-vnez-rude

vulnerability	VCID-r2f4-bgaw-t7gu

vulnerability	VCID-sw3e-49nw-w7fv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4n4u-c4u9-kkep

vulnerability	VCID-4y9q-jfwk-5bde

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie

url pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

purl pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-e3pp-vnez-rude

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie

url	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
purl	pkg:deb/debian/poppler@26.01.0-4.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@26.01.0-4.1%3Fdistro=trixie

aliases CVE-2018-21009

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbpw-d63u-vyc1

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.69.0-2%3Fdistro=trixie

Package Instance