{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","type":"deb","namespace":"debian","name":"xpdf","version":"3.02-9","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.02-19","latest_non_vulnerable_version":"3.04+git20260220-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98412?format=json","vulnerability_id":"VCID-3vgu-ee92-7fes","summary":"An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4653.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4653.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4653","reference_id":"","reference_type":"","scores":[{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74091","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74124","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00782","scoring_system":"epss","scoring_elements":"0.74128","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4653"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=672165","reference_id":"672165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=672165"},{"reference_url":"https://security.gentoo.org/glsa/201310-03","reference_id":"GLSA-201310-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4653"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3vgu-ee92-7fes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98416?format=json","vulnerability_id":"VCID-81u8-t1f3-yqak","summary":"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1552.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1552.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1552","reference_id":"","reference_type":"","scores":[{"value":"0.22374","scoring_system":"epss","scoring_elements":"0.95931","published_at":"2026-06-04T12:55:00Z"},{"value":"0.22374","scoring_system":"epss","scoring_elements":"0.95935","published_at":"2026-06-05T12:55:00Z"},{"value":"0.22374","scoring_system":"epss","scoring_elements":"0.95939","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1552"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=692853","reference_id":"692853","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=692853"},{"reference_url":"https://security.gentoo.org/glsa/201701-57","reference_id":"GLSA-201701-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0062","reference_id":"RHSA-2012:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0137","reference_id":"RHSA-2012:0137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1335-1/","reference_id":"USN-1335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1552"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81u8-t1f3-yqak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98409?format=json","vulnerability_id":"VCID-a38z-2b8g-x7ex","summary":"The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3702.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3702","reference_id":"","reference_type":"","scores":[{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89576","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89593","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04722","scoring_system":"epss","scoring_elements":"0.89592","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=595245","reference_id":"595245","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=595245"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165","reference_id":"599165","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165"},{"reference_url":"https://security.gentoo.org/glsa/201310-03","reference_id":"GLSA-201310-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-03"},{"reference_url":"https://security.gentoo.org/glsa/201402-17","reference_id":"GLSA-201402-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0749","reference_id":"RHSA-2010:0749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0750","reference_id":"RHSA-2010:0750","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0750"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0751","reference_id":"RHSA-2010:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0752","reference_id":"RHSA-2010:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0753","reference_id":"RHSA-2010:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0754","reference_id":"RHSA-2010:0754","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0754"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0755","reference_id":"RHSA-2010:0755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0859","reference_id":"RHSA-2010:0859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1005-1/","reference_id":"USN-1005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2010-3702"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a38z-2b8g-x7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98415?format=json","vulnerability_id":"VCID-bdf9-n87u-33d6","summary":"t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0764.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0764","reference_id":"","reference_type":"","scores":[{"value":"0.31187","scoring_system":"epss","scoring_elements":"0.96854","published_at":"2026-06-04T12:55:00Z"},{"value":"0.31187","scoring_system":"epss","scoring_elements":"0.96858","published_at":"2026-06-05T12:55:00Z"},{"value":"0.31187","scoring_system":"epss","scoring_elements":"0.96863","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=692909","reference_id":"692909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=692909"},{"reference_url":"https://security.gentoo.org/glsa/201701-57","reference_id":"GLSA-201701-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0062","reference_id":"RHSA-2012:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0137","reference_id":"RHSA-2012:0137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1316-1/","reference_id":"USN-1316-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1316-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0764"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdf9-n87u-33d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98417?format=json","vulnerability_id":"VCID-kbm2-5z85-mueq","summary":"Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1553.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1553","reference_id":"","reference_type":"","scores":[{"value":"0.04953","scoring_system":"epss","scoring_elements":"0.89832","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04953","scoring_system":"epss","scoring_elements":"0.89848","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04953","scoring_system":"epss","scoring_elements":"0.89849","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1553"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=692854","reference_id":"692854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=692854"},{"reference_url":"https://security.gentoo.org/glsa/201701-57","reference_id":"GLSA-201701-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0062","reference_id":"RHSA-2012:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0137","reference_id":"RHSA-2012:0137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1335-1/","reference_id":"USN-1335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1553"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbm2-5z85-mueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98411?format=json","vulnerability_id":"VCID-qpf5-vgfn-xbf5","summary":"The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3704.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3704.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3704","reference_id":"","reference_type":"","scores":[{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79768","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79794","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01262","scoring_system":"epss","scoring_elements":"0.79799","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165","reference_id":"599165","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=638960","reference_id":"638960","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=638960"},{"reference_url":"https://security.gentoo.org/glsa/201310-03","reference_id":"GLSA-201310-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-03"},{"reference_url":"https://security.gentoo.org/glsa/201402-17","reference_id":"GLSA-201402-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201402-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0749","reference_id":"RHSA-2010:0749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0751","reference_id":"RHSA-2010:0751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0752","reference_id":"RHSA-2010:0752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0753","reference_id":"RHSA-2010:0753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0859","reference_id":"RHSA-2010:0859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0859"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1005-1/","reference_id":"USN-1005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2010-3704"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpf5-vgfn-xbf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98419?format=json","vulnerability_id":"VCID-srx1-bw8h-r3bq","summary":"Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1554.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1554","reference_id":"","reference_type":"","scores":[{"value":"0.06576","scoring_system":"epss","scoring_elements":"0.9132","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06576","scoring_system":"epss","scoring_elements":"0.91333","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06576","scoring_system":"epss","scoring_elements":"0.91335","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1554"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=692856","reference_id":"692856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=692856"},{"reference_url":"https://security.gentoo.org/glsa/201701-57","reference_id":"GLSA-201701-57","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-57"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0062","reference_id":"RHSA-2012:0062","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0062"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0137","reference_id":"RHSA-2012:0137","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0137"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1201","reference_id":"RHSA-2012:1201","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1201"},{"reference_url":"https://usn.ubuntu.com/1335-1/","reference_id":"USN-1335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1554"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srx1-bw8h-r3bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98410?format=json","vulnerability_id":"VCID-v64k-zdgf-5ugz","summary":"The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3703.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3703","reference_id":"","reference_type":"","scores":[{"value":"0.01121","scoring_system":"epss","scoring_elements":"0.78582","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01121","scoring_system":"epss","scoring_elements":"0.7861","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01121","scoring_system":"epss","scoring_elements":"0.78617","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165","reference_id":"599165","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=639356","reference_id":"639356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=639356"},{"reference_url":"https://security.gentoo.org/glsa/201310-03","reference_id":"GLSA-201310-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0859","reference_id":"RHSA-2010:0859","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0859"},{"reference_url":"https://usn.ubuntu.com/1005-1/","reference_id":"USN-1005-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1005-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/136605?format=json","purl":"pkg:deb/debian/xpdf@3.02-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136556?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136554?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136558?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/136557?format=json","purl":"pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie"}],"aliases":["CVE-2010-3703"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v64k-zdgf-5ugz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.02-9%3Fdistro=trixie"}