Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
Type deb
Namespace debian
Name xpdf
Version 3.02-2
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.02-9
Latest_non_vulnerable_version 3.04+git20260220-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3kna-tmpr-wqdu
vulnerability_id VCID-3kna-tmpr-wqdu
summary The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3604.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3604.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3604
reference_id
reference_type
scores
0
value 0.07495
scoring_system epss
scoring_elements 0.91926
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3604
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=526911
reference_id 526911
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=526911
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
reference_id 551287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
reference_id 551289
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:0480
reference_id RHSA-2009:0480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:0480
7
reference_url https://access.redhat.com/errata/RHSA-2009:1500
reference_id RHSA-2009:1500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1500
8
reference_url https://access.redhat.com/errata/RHSA-2009:1501
reference_id RHSA-2009:1501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1501
9
reference_url https://access.redhat.com/errata/RHSA-2009:1502
reference_id RHSA-2009:1502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1502
10
reference_url https://access.redhat.com/errata/RHSA-2009:1503
reference_id RHSA-2009:1503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1503
11
reference_url https://access.redhat.com/errata/RHSA-2009:1512
reference_id RHSA-2009:1512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1512
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-3604
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3kna-tmpr-wqdu
1
url VCID-3pfn-gq15-suez
vulnerability_id VCID-3pfn-gq15-suez
summary Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3608.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3608.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3608
reference_id
reference_type
scores
0
value 0.12664
scoring_system epss
scoring_elements 0.94107
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3608
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=526637
reference_id 526637
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=526637
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
reference_id 551287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
reference_id 551289
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:1501
reference_id RHSA-2009:1501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1501
7
reference_url https://access.redhat.com/errata/RHSA-2009:1502
reference_id RHSA-2009:1502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1502
8
reference_url https://access.redhat.com/errata/RHSA-2009:1503
reference_id RHSA-2009:1503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1503
9
reference_url https://access.redhat.com/errata/RHSA-2009:1504
reference_id RHSA-2009:1504
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1504
10
reference_url https://access.redhat.com/errata/RHSA-2009:1512
reference_id RHSA-2009:1512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1512
11
reference_url https://access.redhat.com/errata/RHSA-2009:1513
reference_id RHSA-2009:1513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1513
12
reference_url https://access.redhat.com/errata/RHSA-2010:0400
reference_id RHSA-2010:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0400
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-3608
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3pfn-gq15-suez
2
url VCID-97fh-jnxr-zyc8
vulnerability_id VCID-97fh-jnxr-zyc8
summary Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1188.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-1188
reference_id
reference_type
scores
0
value 0.21975
scoring_system epss
scoring_elements 0.95876
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-1188
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=495907
reference_id 495907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=495907
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806
reference_id 524806
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524806
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779
reference_id 575779
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575779
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:0480
reference_id RHSA-2009:0480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:0480
7
reference_url https://access.redhat.com/errata/RHSA-2009:1501
reference_id RHSA-2009:1501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1501
8
reference_url https://access.redhat.com/errata/RHSA-2009:1502
reference_id RHSA-2009:1502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1502
9
reference_url https://access.redhat.com/errata/RHSA-2009:1503
reference_id RHSA-2009:1503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1503
10
reference_url https://access.redhat.com/errata/RHSA-2009:1512
reference_id RHSA-2009:1512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1512
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-1188
risk_score 0.1
exploitability 0.5
weighted_severity 0.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-97fh-jnxr-zyc8
3
url VCID-bzn5-1h8a-pufe
vulnerability_id VCID-bzn5-1h8a-pufe
summary Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3609.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3609.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3609
reference_id
reference_type
scores
0
value 0.05999
scoring_system epss
scoring_elements 0.90846
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3609
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=526893
reference_id 526893
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=526893
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
reference_id 551287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
reference_id 551289
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:1500
reference_id RHSA-2009:1500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1500
7
reference_url https://access.redhat.com/errata/RHSA-2009:1501
reference_id RHSA-2009:1501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1501
8
reference_url https://access.redhat.com/errata/RHSA-2009:1502
reference_id RHSA-2009:1502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1502
9
reference_url https://access.redhat.com/errata/RHSA-2009:1503
reference_id RHSA-2009:1503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1503
10
reference_url https://access.redhat.com/errata/RHSA-2009:1504
reference_id RHSA-2009:1504
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1504
11
reference_url https://access.redhat.com/errata/RHSA-2009:1512
reference_id RHSA-2009:1512
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1512
12
reference_url https://access.redhat.com/errata/RHSA-2009:1513
reference_id RHSA-2009:1513
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1513
13
reference_url https://access.redhat.com/errata/RHSA-2010:0399
reference_id RHSA-2010:0399
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0399
14
reference_url https://access.redhat.com/errata/RHSA-2010:0400
reference_id RHSA-2010:0400
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0400
15
reference_url https://access.redhat.com/errata/RHSA-2010:0401
reference_id RHSA-2010:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0401
16
reference_url https://access.redhat.com/errata/RHSA-2010:0755
reference_id RHSA-2010:0755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0755
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-3609
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzn5-1h8a-pufe
4
url VCID-tqdn-gsam-sfg2
vulnerability_id VCID-tqdn-gsam-sfg2
summary Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3606.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3606.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3606
reference_id
reference_type
scores
0
value 0.04772
scoring_system epss
scoring_elements 0.89642
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3606
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=526877
reference_id 526877
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=526877
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
reference_id 551287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
reference_id 551289
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:0458
reference_id RHSA-2009:0458
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:0458
7
reference_url https://access.redhat.com/errata/RHSA-2009:0480
reference_id RHSA-2009:0480
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:0480
8
reference_url https://access.redhat.com/errata/RHSA-2009:1500
reference_id RHSA-2009:1500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1500
9
reference_url https://access.redhat.com/errata/RHSA-2009:1501
reference_id RHSA-2009:1501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1501
10
reference_url https://access.redhat.com/errata/RHSA-2009:1502
reference_id RHSA-2009:1502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1502
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-3606
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqdn-gsam-sfg2
5
url VCID-xy5y-8spe-dbft
vulnerability_id VCID-xy5y-8spe-dbft
summary Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3603.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2009-3603
reference_id
reference_type
scores
0
value 0.06276
scoring_system epss
scoring_elements 0.91081
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2009-3603
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=526915
reference_id 526915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=526915
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
reference_id 551287
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551287
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
reference_id 551289
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
5
reference_url https://security.gentoo.org/glsa/201310-03
reference_id GLSA-201310-03
reference_type
scores
url https://security.gentoo.org/glsa/201310-03
6
reference_url https://access.redhat.com/errata/RHSA-2009:1504
reference_id RHSA-2009:1504
reference_type
scores
url https://access.redhat.com/errata/RHSA-2009:1504
fixed_packages
0
url pkg:deb/debian/xpdf@3.02-2?distro=trixie
purl pkg:deb/debian/xpdf@3.02-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie
1
url pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie
2
url pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie
3
url pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie
4
url pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
purl pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie
aliases CVE-2009-3603
risk_score 0.1
exploitability 0.5
weighted_severity 0.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xy5y-8spe-dbft
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-2%3Fdistro=trixie