{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","type":"apk","namespace":"alpine","name":"podofo","version":"0.9.6-r0","qualifiers":{"arch":"riscv64","distroversion":"v3.23","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.9.7-r0","latest_non_vulnerable_version":"0.9.7-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76865?format=json","vulnerability_id":"VCID-316u-w5wu-9feb","summary":"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5296","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3869","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5296"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-5296"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-316u-w5wu-9feb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174385?format=json","vulnerability_id":"VCID-3gwq-ra2s-x3bg","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8000","reference_id":"","reference_type":"","scores":[{"value":"0.01994","scoring_system":"epss","scoring_elements":"0.83953","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01994","scoring_system":"epss","scoring_elements":"0.83976","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8000"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-8000"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gwq-ra2s-x3bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76854?format=json","vulnerability_id":"VCID-518j-a2se-s7en","summary":"The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8054","reference_id":"","reference_type":"","scores":[{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61152","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00402","scoring_system":"epss","scoring_elements":"0.61201","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8054"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995","reference_id":"860995","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860995"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-8054"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-518j-a2se-s7en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6598?format=json","vulnerability_id":"VCID-63z7-jtyr-jug8","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7381","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43461","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7381"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329","reference_id":"859329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7381"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63z7-jtyr-jug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76855?format=json","vulnerability_id":"VCID-6t38-8fgf-1bct","summary":"Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8378","reference_id":"","reference_type":"","scores":[{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.74059","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.74093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8378"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597","reference_id":"861597","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-8378"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t38-8fgf-1bct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=json","vulnerability_id":"VCID-a5k2-czfx-3qa8","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7378","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62962","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63004","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7378"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330","reference_id":"859330","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859330"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7378"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a5k2-czfx-3qa8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76860?format=json","vulnerability_id":"VCID-a7tq-z4ru-x3e4","summary":"Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12982","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38781","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.594","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12982"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12982","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12982"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916581","reference_id":"916581","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916581"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-12982"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7tq-z4ru-x3e4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6600?format=json","vulnerability_id":"VCID-a97h-vdzy-e7cj","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7379","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63004","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00813","scoring_system":"epss","scoring_elements":"0.74622","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7379"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331","reference_id":"859331","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859331"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7379"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a97h-vdzy-e7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76868?format=json","vulnerability_id":"VCID-c18a-ad9t-tuh7","summary":"In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5783","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37074","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37164","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5783"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916142","reference_id":"916142","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916142"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-5783"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c18a-ad9t-tuh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6599?format=json","vulnerability_id":"VCID-dx1p-226q-mkb8","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7380","reference_id":"","reference_type":"","scores":[{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62962","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.63004","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7380"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329","reference_id":"859329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7380"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx1p-226q-mkb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76866?format=json","vulnerability_id":"VCID-esuc-bxyu-5yaf","summary":"PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5308","reference_id":"","reference_type":"","scores":[{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.77402","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01007","scoring_system":"epss","scoring_elements":"0.7743","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5308"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5308"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602","reference_id":"854602","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854602"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"},{"reference_url":"https://usn.ubuntu.com/7217-1/","reference_id":"USN-7217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-5308"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esuc-bxyu-5yaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76858?format=json","vulnerability_id":"VCID-f5rd-ukfj-d7gm","summary":"An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11255","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62263","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.62312","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11255"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916584","reference_id":"916584","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916584"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"},{"reference_url":"https://usn.ubuntu.com/7217-1/","reference_id":"USN-7217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-11255"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rd-ukfj-d7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76864?format=json","vulnerability_id":"VCID-fma7-b6ey-hfce","summary":"In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5295","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3869","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5295"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511","reference_id":"889511","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889511"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-5295"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fma7-b6ey-hfce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76851?format=json","vulnerability_id":"VCID-hz7z-m9uk-gff2","summary":"The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6848","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38768","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38857","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6848"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861565","reference_id":"861565","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861565"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-6848"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hz7z-m9uk-gff2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6596?format=json","vulnerability_id":"VCID-jut9-e84m-d3eq","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7383","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43461","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7383"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329","reference_id":"859329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7383"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jut9-e84m-d3eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6595?format=json","vulnerability_id":"VCID-md8c-ewv8-gyf9","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7994","reference_id":"","reference_type":"","scores":[{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.71069","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00645","scoring_system":"epss","scoring_elements":"0.71112","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7994"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7994"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930","reference_id":"860930","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860930"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7994"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-md8c-ewv8-gyf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6597?format=json","vulnerability_id":"VCID-nx3g-8rny-2ffm","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7382","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43461","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7382"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329","reference_id":"859329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329"},{"reference_url":"https://security.archlinux.org/AVG-216","reference_id":"AVG-216","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-216"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2017-7382"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nx3g-8rny-2ffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76859?format=json","vulnerability_id":"VCID-nzcx-gn2k-4uhz","summary":"An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11256","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53743","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53801","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11256"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11256","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11256"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916583","reference_id":"916583","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916583"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-11256"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nzcx-gn2k-4uhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76867?format=json","vulnerability_id":"VCID-pkrw-gaqw-rfe3","summary":"In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5309","reference_id":"","reference_type":"","scores":[{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70548","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00624","scoring_system":"epss","scoring_elements":"0.70591","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5309"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-5309"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkrw-gaqw-rfe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3435?format=json","vulnerability_id":"VCID-verj-pcgf-gufp","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8002","reference_id":"","reference_type":"","scores":[{"value":"0.05842","scoring_system":"epss","scoring_elements":"0.90709","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05842","scoring_system":"epss","scoring_elements":"0.90722","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8002"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557","reference_id":"892557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892557"},{"reference_url":"https://security.archlinux.org/AVG-1427","reference_id":"AVG-1427","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1427"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44946.txt","reference_id":"CVE-2018-8002","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44946.txt"},{"reference_url":"https://usn.ubuntu.com/7217-1/","reference_id":"USN-7217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-8002"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-verj-pcgf-gufp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76869?format=json","vulnerability_id":"VCID-wm3b-jyn4-dfd5","summary":"In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6352","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3869","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6352"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/AVG-1426","reference_id":"AVG-1426","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-6352"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm3b-jyn4-dfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76857?format=json","vulnerability_id":"VCID-y1ss-dj9f-bqge","summary":"An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11254","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.3869","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38781","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11254"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916585","reference_id":"916585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916585"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/338598?format=json","purl":"pkg:apk/alpine/podofo@0.9.6-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2018-11254"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1ss-dj9f-bqge"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"}