Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/338598?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "type": "apk", "namespace": "alpine", "name": "podofo", "version": "0.9.6-r0", "qualifiers": { "arch": "riscv64", "distroversion": "v3.23", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.9.7-r0", "latest_non_vulnerable_version": "0.9.7-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76865?format=api", "vulnerability_id": "VCID-316u-w5wu-9feb", "summary": "In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5296", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38784", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-5296" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-316u-w5wu-9feb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174385?format=api", "vulnerability_id": "VCID-3gwq-ra2s-x3bg", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01994", "scoring_system": "epss", "scoring_elements": "0.83953", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01994", "scoring_system": "epss", "scoring_elements": "0.83976", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01994", "scoring_system": "epss", "scoring_elements": "0.83978", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8000" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-8000" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwq-ra2s-x3bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76854?format=api", "vulnerability_id": "VCID-518j-a2se-s7en", "summary": "The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61152", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61201", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.61208", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8054" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995", "reference_id": "860995", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-8054" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-518j-a2se-s7en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6598?format=api", "vulnerability_id": "VCID-63z7-jtyr-jug8", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43461", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43472", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329", "reference_id": "859329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7381" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63z7-jtyr-jug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76855?format=api", "vulnerability_id": "VCID-6t38-8fgf-1bct", "summary": "Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.74059", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.74093", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00781", "scoring_system": "epss", "scoring_elements": "0.74097", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8378" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597", "reference_id": "861597", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-8378" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6t38-8fgf-1bct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=api", "vulnerability_id": "VCID-a5k2-czfx-3qa8", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62962", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63004", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63013", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7378" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330", "reference_id": "859330", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7378" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a5k2-czfx-3qa8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76860?format=api", "vulnerability_id": "VCID-a7tq-z4ru-x3e4", "summary": "Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38784", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.594", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12982" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12982", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12982" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916581", "reference_id": "916581", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916581" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-12982" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7tq-z4ru-x3e4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6600?format=api", "vulnerability_id": "VCID-a97h-vdzy-e7cj", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63004", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63013", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74622", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331", "reference_id": "859331", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7379" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a97h-vdzy-e7cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76868?format=api", "vulnerability_id": "VCID-c18a-ad9t-tuh7", "summary": "In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37074", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37164", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37171", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916142", "reference_id": "916142", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916142" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-5783" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c18a-ad9t-tuh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6599?format=api", "vulnerability_id": "VCID-dx1p-226q-mkb8", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.62962", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63004", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00432", "scoring_system": "epss", "scoring_elements": "0.63013", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329", "reference_id": "859329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7380" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1p-226q-mkb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76866?format=api", "vulnerability_id": "VCID-esuc-bxyu-5yaf", "summary": "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77402", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.7743", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77439", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602", "reference_id": "854602", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" }, { "reference_url": "https://usn.ubuntu.com/7217-1/", "reference_id": "USN-7217-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7217-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-5308" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esuc-bxyu-5yaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76858?format=api", "vulnerability_id": "VCID-f5rd-ukfj-d7gm", "summary": "An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62312", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0042", "scoring_system": "epss", "scoring_elements": "0.62319", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11255" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916584", "reference_id": "916584", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916584" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" }, { "reference_url": "https://usn.ubuntu.com/7217-1/", "reference_id": "USN-7217-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7217-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-11255" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rd-ukfj-d7gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76864?format=api", "vulnerability_id": "VCID-fma7-b6ey-hfce", "summary": "In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38784", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511", "reference_id": "889511", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-5295" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fma7-b6ey-hfce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76851?format=api", "vulnerability_id": "VCID-hz7z-m9uk-gff2", "summary": "The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38768", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38857", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38862", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6848" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6848" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861565", "reference_id": "861565", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861565" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-6848" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz7z-m9uk-gff2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6596?format=api", "vulnerability_id": "VCID-jut9-e84m-d3eq", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43461", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43472", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329", "reference_id": "859329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7383" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jut9-e84m-d3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6595?format=api", "vulnerability_id": "VCID-md8c-ewv8-gyf9", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7994", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71069", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71112", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00645", "scoring_system": "epss", "scoring_elements": "0.71118", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7994" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930", "reference_id": "860930", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7994" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-md8c-ewv8-gyf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6597?format=api", "vulnerability_id": "VCID-nx3g-8rny-2ffm", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43461", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0021", "scoring_system": "epss", "scoring_elements": "0.43472", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329", "reference_id": "859329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329" }, { "reference_url": "https://security.archlinux.org/AVG-216", "reference_id": "AVG-216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-216" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2017-7382" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx3g-8rny-2ffm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76859?format=api", "vulnerability_id": "VCID-nzcx-gn2k-4uhz", "summary": "An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53743", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53801", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.5381", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11256" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11256", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11256" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916583", "reference_id": "916583", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916583" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-11256" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcx-gn2k-4uhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76867?format=api", "vulnerability_id": "VCID-pkrw-gaqw-rfe3", "summary": "In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70548", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.70591", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00624", "scoring_system": "epss", "scoring_elements": "0.706", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-5309" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pkrw-gaqw-rfe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3435?format=api", "vulnerability_id": "VCID-verj-pcgf-gufp", "summary": "multiple issues", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05842", "scoring_system": "epss", "scoring_elements": "0.90709", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05842", "scoring_system": "epss", "scoring_elements": "0.90722", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05842", "scoring_system": "epss", "scoring_elements": "0.90721", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8002" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8002" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557", "reference_id": "892557", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557" }, { "reference_url": "https://security.archlinux.org/AVG-1427", "reference_id": "AVG-1427", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1427" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44946.txt", "reference_id": "CVE-2018-8002", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44946.txt" }, { "reference_url": "https://usn.ubuntu.com/7217-1/", "reference_id": "USN-7217-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7217-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-8002" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-verj-pcgf-gufp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76869?format=api", "vulnerability_id": "VCID-wm3b-jyn4-dfd5", "summary": "In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38784", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1426", "reference_id": "AVG-1426", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-6352" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wm3b-jyn4-dfd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76857?format=api", "vulnerability_id": "VCID-y1ss-dj9f-bqge", "summary": "An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11254", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3869", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38784", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11254" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11254", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11254" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916585", "reference_id": "916585", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916585" }, { "reference_url": "https://security.archlinux.org/ASA-202101-36", "reference_id": "ASA-202101-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-36" }, { "reference_url": "https://security.archlinux.org/AVG-867", "reference_id": "AVG-867", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-867" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/338598?format=api", "purl": "pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" } ], "aliases": [ "CVE-2018-11254" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ss-dj9f-bqge" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }