{"url":"http://public2.vulnerablecode.io/api/packages/3206?format=json","purl":"pkg:alpm/archlinux/libmupdf@1.11-5","type":"alpm","namespace":"archlinux","name":"libmupdf","version":"1.11-5","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.13.0-1","latest_non_vulnerable_version":"1.13.0-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6429?format=json","vulnerability_id":"VCID-2jdf-swhe-xkf2","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14686","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56178","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379","reference_id":"877379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379"},{"reference_url":"https://security.archlinux.org/ASA-201711-1","reference_id":"ASA-201711-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-1"},{"reference_url":"https://security.archlinux.org/ASA-201711-2","reference_id":"ASA-201711-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-2"},{"reference_url":"https://security.archlinux.org/ASA-201711-3","reference_id":"ASA-201711-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-3"},{"reference_url":"https://security.archlinux.org/ASA-201711-4","reference_id":"ASA-201711-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-4"},{"reference_url":"https://security.archlinux.org/ASA-201711-5","reference_id":"ASA-201711-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-5"},{"reference_url":"https://security.archlinux.org/AVG-458","reference_id":"AVG-458","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-458"},{"reference_url":"https://security.archlinux.org/AVG-476","reference_id":"AVG-476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3206?format=json","purl":"pkg:alpm/archlinux/libmupdf@1.11-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libmupdf@1.11-5"}],"aliases":["CVE-2017-14686"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jdf-swhe-xkf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6430?format=json","vulnerability_id":"VCID-2smv-bq3w-vfa2","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14685","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30879","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379","reference_id":"877379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379"},{"reference_url":"https://security.archlinux.org/ASA-201711-1","reference_id":"ASA-201711-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-1"},{"reference_url":"https://security.archlinux.org/ASA-201711-2","reference_id":"ASA-201711-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-2"},{"reference_url":"https://security.archlinux.org/ASA-201711-3","reference_id":"ASA-201711-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-3"},{"reference_url":"https://security.archlinux.org/ASA-201711-4","reference_id":"ASA-201711-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-4"},{"reference_url":"https://security.archlinux.org/ASA-201711-5","reference_id":"ASA-201711-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-5"},{"reference_url":"https://security.archlinux.org/AVG-458","reference_id":"AVG-458","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-458"},{"reference_url":"https://security.archlinux.org/AVG-476","reference_id":"AVG-476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3206?format=json","purl":"pkg:alpm/archlinux/libmupdf@1.11-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libmupdf@1.11-5"}],"aliases":["CVE-2017-14685"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2smv-bq3w-vfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6427?format=json","vulnerability_id":"VCID-dved-27bk-n3eu","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15587","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31346","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055","reference_id":"879055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879055"},{"reference_url":"https://security.archlinux.org/ASA-201711-1","reference_id":"ASA-201711-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-1"},{"reference_url":"https://security.archlinux.org/ASA-201711-2","reference_id":"ASA-201711-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-2"},{"reference_url":"https://security.archlinux.org/ASA-201711-3","reference_id":"ASA-201711-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-3"},{"reference_url":"https://security.archlinux.org/ASA-201711-4","reference_id":"ASA-201711-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-4"},{"reference_url":"https://security.archlinux.org/ASA-201711-5","reference_id":"ASA-201711-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-5"},{"reference_url":"https://security.archlinux.org/AVG-458","reference_id":"AVG-458","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-458"},{"reference_url":"https://security.archlinux.org/AVG-476","reference_id":"AVG-476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-476"},{"reference_url":"https://security.gentoo.org/glsa/201811-15","reference_id":"GLSA-201811-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3206?format=json","purl":"pkg:alpm/archlinux/libmupdf@1.11-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libmupdf@1.11-5"}],"aliases":["CVE-2017-15587"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dved-27bk-n3eu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6428?format=json","vulnerability_id":"VCID-mjqq-2svg-gkav","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14687","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.32974","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379","reference_id":"877379","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877379"},{"reference_url":"https://security.archlinux.org/ASA-201711-1","reference_id":"ASA-201711-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-1"},{"reference_url":"https://security.archlinux.org/ASA-201711-2","reference_id":"ASA-201711-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-2"},{"reference_url":"https://security.archlinux.org/ASA-201711-3","reference_id":"ASA-201711-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-3"},{"reference_url":"https://security.archlinux.org/ASA-201711-4","reference_id":"ASA-201711-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-4"},{"reference_url":"https://security.archlinux.org/ASA-201711-5","reference_id":"ASA-201711-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-5"},{"reference_url":"https://security.archlinux.org/AVG-458","reference_id":"AVG-458","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-458"},{"reference_url":"https://security.archlinux.org/AVG-476","reference_id":"AVG-476","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3206?format=json","purl":"pkg:alpm/archlinux/libmupdf@1.11-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libmupdf@1.11-5"}],"aliases":["CVE-2017-14687"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjqq-2svg-gkav"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/libmupdf@1.11-5"}