Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
Typeapk
Namespacealpine
Nameqpdf
Version7.0.0-r0
Qualifiers
arch aarch64
distroversion v3.19
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4hja-bnaz-mqhj
vulnerability_id VCID-4hja-bnaz-mqhj
summary libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9208.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9208.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9208
reference_id
reference_type
scores
0
value 0.00432
scoring_system epss
scoring_elements 0.62962
published_at 2026-06-04T12:55:00Z
1
value 0.00432
scoring_system epss
scoring_elements 0.63006
published_at 2026-06-09T12:55:00Z
2
value 0.00432
scoring_system epss
scoring_elements 0.63002
published_at 2026-06-07T12:55:00Z
3
value 0.00432
scoring_system epss
scoring_elements 0.62989
published_at 2026-06-08T12:55:00Z
4
value 0.00432
scoring_system epss
scoring_elements 0.63004
published_at 2026-06-05T12:55:00Z
5
value 0.00432
scoring_system epss
scoring_elements 0.63013
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9208
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9208
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9208
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1454815
reference_id 1454815
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1454815
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
reference_id 863390
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-9208
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hja-bnaz-mqhj
1
url VCID-7tb6-w432-fygr
vulnerability_id VCID-7tb6-w432-fygr
summary A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11627.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11627.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11627
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.52984
published_at 2026-06-04T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53008
published_at 2026-06-08T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53053
published_at 2026-06-06T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53033
published_at 2026-06-09T12:55:00Z
4
value 0.00294
scoring_system epss
scoring_elements 0.53045
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11627
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11627
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11627
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475517
reference_id 1475517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475517
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
reference_id 871320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-11627
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tb6-w432-fygr
2
url VCID-bsrw-yyy3-wbak
vulnerability_id VCID-bsrw-yyy3-wbak
summary The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12595.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12595.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12595
reference_id
reference_type
scores
0
value 0.01841
scoring_system epss
scoring_elements 0.8331
published_at 2026-06-04T12:55:00Z
1
value 0.01841
scoring_system epss
scoring_elements 0.8334
published_at 2026-06-09T12:55:00Z
2
value 0.01841
scoring_system epss
scoring_elements 0.83334
published_at 2026-06-07T12:55:00Z
3
value 0.01841
scoring_system epss
scoring_elements 0.83326
published_at 2026-06-08T12:55:00Z
4
value 0.01841
scoring_system epss
scoring_elements 0.83335
published_at 2026-06-05T12:55:00Z
5
value 0.01841
scoring_system epss
scoring_elements 0.83338
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12595
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12595
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12595
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:N/I:N/A:P
1
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1485847
reference_id 1485847
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1485847
5
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-12595
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bsrw-yyy3-wbak
3
url VCID-chne-6bpm-n7ap
vulnerability_id VCID-chne-6bpm-n7ap
summary A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11625.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11625.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11625
reference_id
reference_type
scores
0
value 0.00338
scoring_system epss
scoring_elements 0.56846
published_at 2026-06-04T12:55:00Z
1
value 0.00338
scoring_system epss
scoring_elements 0.56894
published_at 2026-06-09T12:55:00Z
2
value 0.00338
scoring_system epss
scoring_elements 0.56892
published_at 2026-06-07T12:55:00Z
3
value 0.00338
scoring_system epss
scoring_elements 0.56877
published_at 2026-06-08T12:55:00Z
4
value 0.00338
scoring_system epss
scoring_elements 0.56897
published_at 2026-06-05T12:55:00Z
5
value 0.00338
scoring_system epss
scoring_elements 0.56904
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11625
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11625
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11625
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475510
reference_id 1475510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475510
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
reference_id 871320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-11625
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chne-6bpm-n7ap
4
url VCID-qm66-ewgz-ybht
vulnerability_id VCID-qm66-ewgz-ybht
summary A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11624.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11624.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11624
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24696
published_at 2026-06-04T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24677
published_at 2026-06-09T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24725
published_at 2026-06-07T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24667
published_at 2026-06-08T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24794
published_at 2026-06-05T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24783
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11624
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11624
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11624
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475507
reference_id 1475507
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475507
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
reference_id 871320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-11624
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qm66-ewgz-ybht
5
url VCID-svhx-26gx-pqbh
vulnerability_id VCID-svhx-26gx-pqbh
summary A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11626.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11626.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11626
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55655
published_at 2026-06-04T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55706
published_at 2026-06-09T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55705
published_at 2026-06-07T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.55686
published_at 2026-06-08T12:55:00Z
4
value 0.00323
scoring_system epss
scoring_elements 0.55712
published_at 2026-06-05T12:55:00Z
5
value 0.00323
scoring_system epss
scoring_elements 0.55717
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11626
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11626
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1475514
reference_id 1475514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1475514
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
reference_id 871320
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871320
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-11626
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-svhx-26gx-pqbh
6
url VCID-wxzu-zd5p-jud8
vulnerability_id VCID-wxzu-zd5p-jud8
summary libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9210.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9210.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9210
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22917
published_at 2026-06-04T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22891
published_at 2026-06-09T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22941
published_at 2026-06-07T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22887
published_at 2026-06-08T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.23
published_at 2026-06-05T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22985
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9210
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9210
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9210
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1454819
reference_id 1454819
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1454819
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
reference_id 863390
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-9210
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxzu-zd5p-jud8
7
url VCID-zr76-cjnh-ybbf
vulnerability_id VCID-zr76-cjnh-ybbf
summary libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9209.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9209.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9209
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51961
published_at 2026-06-04T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51998
published_at 2026-06-09T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.52011
published_at 2026-06-07T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51979
published_at 2026-06-08T12:55:00Z
4
value 0.00283
scoring_system epss
scoring_elements 0.52022
published_at 2026-06-05T12:55:00Z
5
value 0.00283
scoring_system epss
scoring_elements 0.52032
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9209
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9209
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9209
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1454816
reference_id 1454816
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1454816
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
reference_id 863390
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863390
6
reference_url https://usn.ubuntu.com/3638-1/
reference_id USN-3638-1
reference_type
scores
url https://usn.ubuntu.com/3638-1/
fixed_packages
0
url pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/qpdf@7.0.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
aliases CVE-2017-9209
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr76-cjnh-ybbf
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/qpdf@7.0.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community