{"url":"http://public2.vulnerablecode.io/api/packages/4533?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2~bpo70%2B1","type":"deb","namespace":"debian","name":"poppler","version":"0.26.5-2~bpo70+1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.01.0-4","latest_non_vulnerable_version":"26.01.0-4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98468?format=json","vulnerability_id":"VCID-161f-sfg7-8bhf","summary":"In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20662.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20662.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20662","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69574","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69614","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20662"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665273","reference_id":"1665273","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665273"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918158","reference_id":"918158","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-20662"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-161f-sfg7-8bhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98433?format=json","vulnerability_id":"VCID-1dky-1wb2-huaa","summary":"In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14519.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14519.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14519","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31051","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499165","reference_id":"1499165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499165"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876086","reference_id":"876086","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876086"},{"reference_url":"https://usn.ubuntu.com/3433-1/","reference_id":"USN-3433-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3433-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14519"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1dky-1wb2-huaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98483?format=json","vulnerability_id":"VCID-1vfp-wqj8-pqh3","summary":"A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9200.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9200","reference_id":"","reference_type":"","scores":[{"value":"0.03439","scoring_system":"epss","scoring_elements":"0.87706","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03439","scoring_system":"epss","scoring_elements":"0.87727","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1683632","reference_id":"1683632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1683632"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923414","reference_id":"923414","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/3905-1/","reference_id":"USN-3905-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3905-1/"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-9200"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfp-wqj8-pqh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98437?format=json","vulnerability_id":"VCID-2dsa-qkvf-h3fw","summary":"In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14926.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14926.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14926","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38397","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14926"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14926","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14926"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500323","reference_id":"1500323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500323"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877239","reference_id":"877239","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877239"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14926"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dsa-qkvf-h3fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98445?format=json","vulnerability_id":"VCID-4hjh-cqg4-wqdk","summary":"The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51066","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51128","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777","reference_id":"1578777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357","reference_id":"898357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-18267"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hjh-cqg4-wqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98449?format=json","vulnerability_id":"VCID-4msq-ukzj-d7ds","summary":"poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7511.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7511","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44339","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44408","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7511"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456827","reference_id":"1456827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1456827"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863759","reference_id":"863759","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863759"},{"reference_url":"https://security.gentoo.org/glsa/201801-17","reference_id":"GLSA-201801-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-17"},{"reference_url":"https://usn.ubuntu.com/3350-1/","reference_id":"USN-3350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3350-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-7511"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4msq-ukzj-d7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98441?format=json","vulnerability_id":"VCID-4mt9-s54t-uub2","summary":"The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14975.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14975.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14975","reference_id":"","reference_type":"","scores":[{"value":"0.01097","scoring_system":"epss","scoring_elements":"0.78346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01097","scoring_system":"epss","scoring_elements":"0.78372","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500343","reference_id":"1500343","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500343"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877957","reference_id":"877957","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877957"},{"reference_url":"https://security.gentoo.org/glsa/201804-03","reference_id":"GLSA-201804-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-03"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14975"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mt9-s54t-uub2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98458?format=json","vulnerability_id":"VCID-4wbd-xbks-b3c7","summary":"An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18897","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35283","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35379","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646546","reference_id":"1646546","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646546"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164","reference_id":"913164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2018-18897"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4wbd-xbks-b3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98439?format=json","vulnerability_id":"VCID-5py6-nrs3-13f5","summary":"In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14928.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14928","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38397","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38485","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500322","reference_id":"1500322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500322"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877231","reference_id":"877231","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877231"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14928"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5py6-nrs3-13f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98465?format=json","vulnerability_id":"VCID-62zk-x2n8-wudz","summary":"A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20551.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20551","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54362","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54418","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20551"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665259","reference_id":"1665259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917525","reference_id":"917525","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/3886-1/","reference_id":"USN-3886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-20551"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62zk-x2n8-wudz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98442?format=json","vulnerability_id":"VCID-6x2t-evww-sbdv","summary":"The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14976.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14976.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14976","reference_id":"","reference_type":"","scores":[{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78307","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01093","scoring_system":"epss","scoring_elements":"0.78333","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500345","reference_id":"1500345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877954","reference_id":"877954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877954"},{"reference_url":"https://security.gentoo.org/glsa/201804-03","reference_id":"GLSA-201804-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-03"},{"reference_url":"https://usn.ubuntu.com/3517-1/","reference_id":"USN-3517-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3517-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14976"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6x2t-evww-sbdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98471?format=json","vulnerability_id":"VCID-7bkp-b1ww-7qct","summary":"An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10871","reference_id":"","reference_type":"","scores":[{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70634","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00628","scoring_system":"epss","scoring_elements":"0.70676","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696636","reference_id":"1696636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696636"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529","reference_id":"926529","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1074","reference_id":"RHSA-2020:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1074"},{"reference_url":"https://usn.ubuntu.com/4646-1/","reference_id":"USN-4646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4646-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2019-10871"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bkp-b1ww-7qct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98474?format=json","vulnerability_id":"VCID-7fqy-zt39-2ka2","summary":"FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11026","reference_id":"","reference_type":"","scores":[{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66953","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00514","scoring_system":"epss","scoring_elements":"0.66994","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699862","reference_id":"1699862","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1699862"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721","reference_id":"926721","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2019-11026"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fqy-zt39-2ka2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98435?format=json","vulnerability_id":"VCID-7nuu-hq66-67es","summary":"In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14520.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14520","reference_id":"","reference_type":"","scores":[{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45036","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00223","scoring_system":"epss","scoring_elements":"0.45105","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494582","reference_id":"1494582","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1494582"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876081","reference_id":"876081","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876081"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nuu-hq66-67es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98450?format=json","vulnerability_id":"VCID-7thh-twxp-j3fh","summary":"poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7515.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7515.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7515","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44116","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44184","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7515"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7515","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7515"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459066","reference_id":"1459066","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1459066"},{"reference_url":"https://usn.ubuntu.com/3350-1/","reference_id":"USN-3350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3350-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-7515"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7thh-twxp-j3fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98455?format=json","vulnerability_id":"VCID-7ukn-38hy-dffs","summary":"There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83365","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83389","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169","reference_id":"1576169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2018-10768"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ukn-38hy-dffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98473?format=json","vulnerability_id":"VCID-81rk-djd7-wkau","summary":"An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10873.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10873.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10873","reference_id":"","reference_type":"","scores":[{"value":"0.00788","scoring_system":"epss","scoring_elements":"0.74213","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00788","scoring_system":"epss","scoring_elements":"0.74246","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10873"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696637","reference_id":"1696637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696637"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926532","reference_id":"926532","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926532"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-10873"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81rk-djd7-wkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98472?format=json","vulnerability_id":"VCID-9gtz-2mce-kuf6","summary":"An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10872.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10872","reference_id":"","reference_type":"","scores":[{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76534","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00935","scoring_system":"epss","scoring_elements":"0.76563","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696638","reference_id":"1696638","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1696638"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926530","reference_id":"926530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926530"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-10872"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9gtz-2mce-kuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98486?format=json","vulnerability_id":"VCID-afbw-asht-7bbq","summary":"Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9631.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9631.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9631","reference_id":"","reference_type":"","scores":[{"value":"0.02178","scoring_system":"epss","scoring_elements":"0.84654","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02178","scoring_system":"epss","scoring_elements":"0.84678","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9631"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1686802","reference_id":"1686802","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1686802"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926673","reference_id":"926673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926673"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-9631"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afbw-asht-7bbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98431?format=json","vulnerability_id":"VCID-aqh3-9esc-jqg7","summary":"In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14517.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14517","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45967","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46036","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499162","reference_id":"1499162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876079","reference_id":"876079","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876079"},{"reference_url":"https://usn.ubuntu.com/3433-1/","reference_id":"USN-3433-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3433-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14517"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqh3-9esc-jqg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98475?format=json","vulnerability_id":"VCID-arjj-gn1s-yue1","summary":"In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12293.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12293","reference_id":"","reference_type":"","scores":[{"value":"0.00948","scoring_system":"epss","scoring_elements":"0.76699","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00948","scoring_system":"epss","scoring_elements":"0.76728","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713582","reference_id":"1713582","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1713582"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929423","reference_id":"929423","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1074","reference_id":"RHSA-2020:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1074"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-12293"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arjj-gn1s-yue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6532?format=json","vulnerability_id":"VCID-ax7h-qsmd-hyc9","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9775.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9775","reference_id":"","reference_type":"","scores":[{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00742","scoring_system":"epss","scoring_elements":"0.73382","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466442","reference_id":"1466442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466442"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865680","reference_id":"865680","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865680"},{"reference_url":"https://security.archlinux.org/ASA-201706-33","reference_id":"ASA-201706-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-33"},{"reference_url":"https://security.archlinux.org/AVG-326","reference_id":"AVG-326","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2551","reference_id":"RHSA-2017:2551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2551"},{"reference_url":"https://usn.ubuntu.com/3350-1/","reference_id":"USN-3350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3350-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-9775"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ax7h-qsmd-hyc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98453?format=json","vulnerability_id":"VCID-btq8-dzuk-4yfk","summary":"In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9408.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9408","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77869","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1458702","reference_id":"1458702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1458702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864009","reference_id":"864009","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864009"},{"reference_url":"https://security.gentoo.org/glsa/201801-17","reference_id":"GLSA-201801-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-17"},{"reference_url":"https://usn.ubuntu.com/3350-1/","reference_id":"USN-3350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3350-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-9408"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-btq8-dzuk-4yfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98443?format=json","vulnerability_id":"VCID-bytg-r7hs-gyeg","summary":"The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14977.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14977","reference_id":"","reference_type":"","scores":[{"value":"0.01097","scoring_system":"epss","scoring_elements":"0.78346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01097","scoring_system":"epss","scoring_elements":"0.78372","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500344","reference_id":"1500344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500344"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877952","reference_id":"877952","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877952"},{"reference_url":"https://security.gentoo.org/glsa/201804-03","reference_id":"GLSA-201804-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-03"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bytg-r7hs-gyeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6531?format=json","vulnerability_id":"VCID-c2n4-uugz-wfac","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9776.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9776","reference_id":"","reference_type":"","scores":[{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79646","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01248","scoring_system":"epss","scoring_elements":"0.79672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466443","reference_id":"1466443","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466443"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865679","reference_id":"865679","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865679"},{"reference_url":"https://security.archlinux.org/ASA-201706-33","reference_id":"ASA-201706-33","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201706-33"},{"reference_url":"https://security.archlinux.org/AVG-326","reference_id":"AVG-326","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2550","reference_id":"RHSA-2017:2550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2551","reference_id":"RHSA-2017:2551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2551"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-9776"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2n4-uugz-wfac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98438?format=json","vulnerability_id":"VCID-dwg9-w58z-ufh4","summary":"In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14927.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14927","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35873","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35969","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500324","reference_id":"1500324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500324"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877237","reference_id":"877237","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877237"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14927"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwg9-w58z-ufh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98477?format=json","vulnerability_id":"VCID-e144-8aet-7kbn","summary":"A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12493","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52093","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12493"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2019-12493"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e144-8aet-7kbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98491?format=json","vulnerability_id":"VCID-ezcv-cbva-kkbe","summary":"A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27778","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78537","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78564","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-27778"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900712","reference_id":"1900712","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1900712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1881","reference_id":"RHSA-2021:1881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1881"},{"reference_url":"https://usn.ubuntu.com/4646-1/","reference_id":"USN-4646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4646-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2020-27778"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcv-cbva-kkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98456?format=json","vulnerability_id":"VCID-fmqa-fers-5ydf","summary":"Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988","reference_id":"","reference_type":"","scores":[{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.72309","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.72351","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838","reference_id":"1602838","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922","reference_id":"904922","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3757-1/","reference_id":"USN-3757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3757-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-13988"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmqa-fers-5ydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98459?format=json","vulnerability_id":"VCID-fnfu-a29f-ryeg","summary":"An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19058","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51255","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51317","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19058"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649435","reference_id":"1649435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649435"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177","reference_id":"913177","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://usn.ubuntu.com/3837-1/","reference_id":"USN-3837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2018-19058"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnfu-a29f-ryeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98463?format=json","vulnerability_id":"VCID-gg77-12mg-k7d2","summary":"Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19149.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19149","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49767","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649457","reference_id":"1649457","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649457"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914600","reference_id":"914600","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914600"},{"reference_url":"https://security.gentoo.org/glsa/201904-04","reference_id":"GLSA-201904-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201904-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://usn.ubuntu.com/3837-1/","reference_id":"USN-3837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-1/"},{"reference_url":"https://usn.ubuntu.com/3837-2/","reference_id":"USN-3837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-19149"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gg77-12mg-k7d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94791?format=json","vulnerability_id":"VCID-h257-3sze-qqbu","summary":"poppler: NULL pointer dereference in `FoFiType1C::convertToType1`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36024","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26305","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26409","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016","reference_id":"1016","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/"}],"url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231520","reference_id":"2231520","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231520"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:56:32Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2979","reference_id":"RHSA-2024:2979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2979"},{"reference_url":"https://usn.ubuntu.com/6299-1/","reference_id":"USN-6299-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6299-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196032?format=json","purl":"pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1"}],"aliases":["CVE-2020-36024"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h257-3sze-qqbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98489?format=json","vulnerability_id":"VCID-hs9d-5q1m-97gk","summary":"Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18839","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39711","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39796","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-18839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234524","reference_id":"2234524","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234524"},{"reference_url":"https://gitlab.freedesktop.org/poppler/poppler/issues/742","reference_id":"742","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:29:54Z/"}],"url":"https://gitlab.freedesktop.org/poppler/poppler/issues/742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2020-18839"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs9d-5q1m-97gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98488?format=json","vulnerability_id":"VCID-jvqj-5f2g-u7d7","summary":"The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9959","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81133","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.8116","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9959"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732340","reference_id":"1732340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732340"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776","reference_id":"941776","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1074","reference_id":"RHSA-2020:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1074"},{"reference_url":"https://usn.ubuntu.com/4646-1/","reference_id":"USN-4646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4646-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2019-9959"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvqj-5f2g-u7d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98457?format=json","vulnerability_id":"VCID-mzzq-s6gj-k3hw","summary":"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16646.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16646","reference_id":"","reference_type":"","scores":[{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.84185","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02049","scoring_system":"epss","scoring_elements":"0.84208","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16646"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626618","reference_id":"1626618","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1626618"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909802","reference_id":"909802","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://usn.ubuntu.com/3837-1/","reference_id":"USN-3837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-1/"},{"reference_url":"https://usn.ubuntu.com/3837-2/","reference_id":"USN-3837-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-16646"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzzq-s6gj-k3hw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94790?format=json","vulnerability_id":"VCID-ndst-6nx1-1qcp","summary":"poppler: Stack-Overflow in `FoFiType1C::cvtGlyph`","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36023","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21231","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013","reference_id":"1013","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/"}],"url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231510","reference_id":"2231510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231510"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T17:59:31Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html"},{"reference_url":"https://usn.ubuntu.com/6299-1/","reference_id":"USN-6299-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6299-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196032?format=json","purl":"pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1"}],"aliases":["CVE-2020-36023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndst-6nx1-1qcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98470?format=json","vulnerability_id":"VCID-nmgp-gqkw-xkd1","summary":"An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10018","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47731","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926133","reference_id":"926133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926133"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-10018"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmgp-gqkw-xkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98440?format=json","vulnerability_id":"VCID-p76p-4a8h-cffj","summary":"In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14929.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14929.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14929","reference_id":"","reference_type":"","scores":[{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.40926","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00192","scoring_system":"epss","scoring_elements":"0.41002","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14929"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499167","reference_id":"1499167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499167"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877222","reference_id":"877222","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877222"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14929"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p76p-4a8h-cffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98432?format=json","vulnerability_id":"VCID-p82j-3rgh-tqgf","summary":"In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14518.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14518","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50797","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50857","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499163","reference_id":"1499163","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499163"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876082","reference_id":"876082","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876082"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2017-14518"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p82j-3rgh-tqgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98454?format=json","vulnerability_id":"VCID-q9zx-mkrf-k3bh","summary":"The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9865.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9865","reference_id":"","reference_type":"","scores":[{"value":"0.0076","scoring_system":"epss","scoring_elements":"0.73707","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0076","scoring_system":"epss","scoring_elements":"0.73744","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466435","reference_id":"1466435","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466435"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867477","reference_id":"867477","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867477"},{"reference_url":"https://security.gentoo.org/glsa/201801-17","reference_id":"GLSA-201801-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-17"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2017-9865"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9zx-mkrf-k3bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98490?format=json","vulnerability_id":"VCID-qxhg-65zp-ufe2","summary":"Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23804.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-23804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23804","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5375","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53807","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234526","reference_id":"2234526","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2234526"},{"reference_url":"https://usn.ubuntu.com/6508-1/","reference_id":"USN-6508-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6508-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2020-23804"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxhg-65zp-ufe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98429?format=json","vulnerability_id":"VCID-re3v-ymkc-53bt","summary":"Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8868.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8868","reference_id":"","reference_type":"","scores":[{"value":"0.01087","scoring_system":"epss","scoring_elements":"0.78249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01087","scoring_system":"epss","scoring_elements":"0.78274","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326225","reference_id":"1326225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326225"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578","reference_id":"822578","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822578"},{"reference_url":"https://security.gentoo.org/glsa/201611-15","reference_id":"GLSA-201611-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201611-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2580","reference_id":"RHSA-2016:2580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2580"},{"reference_url":"https://usn.ubuntu.com/2958-1/","reference_id":"USN-2958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2015-8868"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-re3v-ymkc-53bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98444?format=json","vulnerability_id":"VCID-snd9-bt5h-6ycw","summary":"In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15565.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15565.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15565","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70373","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510977","reference_id":"1510977","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510977"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879066","reference_id":"879066","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879066"},{"reference_url":"https://usn.ubuntu.com/3467-1/","reference_id":"USN-3467-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3467-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-15565"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snd9-bt5h-6ycw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98464?format=json","vulnerability_id":"VCID-spyc-te21-j3dk","summary":"XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20481.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20481.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20481","reference_id":"","reference_type":"","scores":[{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79166","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0119","scoring_system":"epss","scoring_elements":"0.79193","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20481"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665266","reference_id":"1665266","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1665266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917325","reference_id":"917325","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/3865-1/","reference_id":"USN-3865-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3865-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-20481"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-spyc-te21-j3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98460?format=json","vulnerability_id":"VCID-tusm-masj-pyag","summary":"An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19059","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31787","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31858","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19059"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649440","reference_id":"1649440","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1649440"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180","reference_id":"913180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://usn.ubuntu.com/3837-1/","reference_id":"USN-3837-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3837-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2018-19059"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tusm-masj-pyag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98487?format=json","vulnerability_id":"VCID-uvcz-5mb9-syeq","summary":"PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9903","reference_id":"","reference_type":"","scores":[{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70671","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0063","scoring_system":"epss","scoring_elements":"0.70714","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691724","reference_id":"1691724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1691724"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264","reference_id":"925264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/4042-1/","reference_id":"USN-4042-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4042-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2019-9903"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uvcz-5mb9-syeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98480?format=json","vulnerability_id":"VCID-v2g6-bhw9-z3am","summary":"An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14494","reference_id":"","reference_type":"","scores":[{"value":"0.01932","scoring_system":"epss","scoring_elements":"0.83721","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01932","scoring_system":"epss","scoring_elements":"0.83744","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797453","reference_id":"1797453","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1797453"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812","reference_id":"933812","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3977","reference_id":"RHSA-2020:3977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4643","reference_id":"RHSA-2020:4643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4643"},{"reference_url":"https://usn.ubuntu.com/4091-1/","reference_id":"USN-4091-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4091-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196031?format=json","purl":"pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25s4-qujz-8kcf"},{"vulnerability":"VCID-4n4u-c4u9-kkep"},{"vulnerability":"VCID-4y9q-jfwk-5bde"},{"vulnerability":"VCID-arhw-n285-r3dv"},{"vulnerability":"VCID-e3pp-vnez-rude"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-r2f4-bgaw-t7gu"},{"vulnerability":"VCID-sw3e-49nw-w7fv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1"}],"aliases":["CVE-2019-14494"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v2g6-bhw9-z3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98452?format=json","vulnerability_id":"VCID-v9g2-msy2-gbhc","summary":"In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9406.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9406.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9406","reference_id":"","reference_type":"","scores":[{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01046","scoring_system":"epss","scoring_elements":"0.77869","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9775"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1458701","reference_id":"1458701","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1458701"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864010","reference_id":"864010","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864010"},{"reference_url":"https://security.gentoo.org/glsa/201801-17","reference_id":"GLSA-201801-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-17"},{"reference_url":"https://usn.ubuntu.com/3350-1/","reference_id":"USN-3350-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3350-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-9406"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9g2-msy2-gbhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98469?format=json","vulnerability_id":"VCID-xbpw-d63u-vyc1","summary":"Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-21009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21009","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65479","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65531","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-21009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1753850","reference_id":"1753850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1753850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1074","reference_id":"RHSA-2020:1074","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1074"},{"reference_url":"https://usn.ubuntu.com/4646-1/","reference_id":"USN-4646-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4646-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2018-21009"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbpw-d63u-vyc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98476?format=json","vulnerability_id":"VCID-xsp3-9g35-m7b5","summary":"A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12360","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56846","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56897","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850876","reference_id":"1850876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1850876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"}],"aliases":["CVE-2019-12360"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsp3-9g35-m7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98436?format=json","vulnerability_id":"VCID-y1fm-k61h-27hz","summary":"In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14617.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14617","reference_id":"","reference_type":"","scores":[{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00525","scoring_system":"epss","scoring_elements":"0.67373","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499905","reference_id":"1499905","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1499905"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876385","reference_id":"876385","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876385"},{"reference_url":"https://usn.ubuntu.com/3440-1/","reference_id":"USN-3440-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3440-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-14617"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1fm-k61h-27hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98430?format=json","vulnerability_id":"VCID-yhxt-1rx2-cbc1","summary":"freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000456.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000456","reference_id":"","reference_type":"","scores":[{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72835","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00719","scoring_system":"epss","scoring_elements":"0.72873","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000456"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531382","reference_id":"1531382","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1531382"},{"reference_url":"https://security.gentoo.org/glsa/201804-03","reference_id":"GLSA-201804-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201804-03"},{"reference_url":"https://usn.ubuntu.com/3517-1/","reference_id":"USN-3517-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3517-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4536?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/4882?format=json","purl":"pkg:deb/debian/poppler@0.48.0-2%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.48.0-2%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2017-1000456"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhxt-1rx2-cbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98482?format=json","vulnerability_id":"VCID-zgt3-rj7n-vuah","summary":"In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7310.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7310","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48154","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48216","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7310"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7310","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7310"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672419","reference_id":"1672419","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1672419"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921215","reference_id":"921215","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921215"},{"reference_url":"https://security.archlinux.org/AVG-869","reference_id":"AVG-869","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-869"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2022","reference_id":"RHSA-2019:2022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2713","reference_id":"RHSA-2019:2713","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2713"},{"reference_url":"https://usn.ubuntu.com/3886-1/","reference_id":"USN-3886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5750?format=json","purl":"pkg:deb/debian/poppler@0.71.0-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.71.0-5"}],"aliases":["CVE-2019-7310"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgt3-rj7n-vuah"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98426?format=json","vulnerability_id":"VCID-2mmz-g3mk-qqc7","summary":"Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4473.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4473.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4473","reference_id":"","reference_type":"","scores":[{"value":"0.02273","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02273","scoring_system":"epss","scoring_elements":"0.84983","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4473"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024753","reference_id":"1024753","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024753"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729064","reference_id":"729064","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729064"},{"reference_url":"https://security.gentoo.org/glsa/201401-21","reference_id":"GLSA-201401-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-21"},{"reference_url":"https://usn.ubuntu.com/2958-1/","reference_id":"USN-2958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4533?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2~bpo70%252B1"}],"aliases":["CVE-2013-4473"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2mmz-g3mk-qqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98427?format=json","vulnerability_id":"VCID-5q6q-z49r-c7c6","summary":"Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4474.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4474.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4474","reference_id":"","reference_type":"","scores":[{"value":"0.25399","scoring_system":"epss","scoring_elements":"0.96315","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25399","scoring_system":"epss","scoring_elements":"0.9632","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4474"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4474","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4474"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024762","reference_id":"1024762","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024762"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729064","reference_id":"729064","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729064"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/38817.txt","reference_id":"CVE-2013-4474;OSVDB-99066","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/38817.txt"},{"reference_url":"https://www.securityfocus.com/bid/63374/info","reference_id":"CVE-2013-4474;OSVDB-99066","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/63374/info"},{"reference_url":"https://security.gentoo.org/glsa/201401-21","reference_id":"GLSA-201401-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-21"},{"reference_url":"https://usn.ubuntu.com/2958-1/","reference_id":"USN-2958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4533?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2~bpo70%252B1"}],"aliases":["CVE-2013-4474"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5q6q-z49r-c7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/98420?format=json","vulnerability_id":"VCID-71eb-8tfz-ufh9","summary":"The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2142.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2142","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60857","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487773","reference_id":"487773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487773"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=789936","reference_id":"789936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=789936"},{"reference_url":"https://security.gentoo.org/glsa/201310-03","reference_id":"GLSA-201310-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4533?format=json","purl":"pkg:deb/debian/poppler@0.26.5-2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-161f-sfg7-8bhf"},{"vulnerability":"VCID-1dky-1wb2-huaa"},{"vulnerability":"VCID-1vfp-wqj8-pqh3"},{"vulnerability":"VCID-2dsa-qkvf-h3fw"},{"vulnerability":"VCID-4hjh-cqg4-wqdk"},{"vulnerability":"VCID-4msq-ukzj-d7ds"},{"vulnerability":"VCID-4mt9-s54t-uub2"},{"vulnerability":"VCID-4wbd-xbks-b3c7"},{"vulnerability":"VCID-5py6-nrs3-13f5"},{"vulnerability":"VCID-62zk-x2n8-wudz"},{"vulnerability":"VCID-6x2t-evww-sbdv"},{"vulnerability":"VCID-7bkp-b1ww-7qct"},{"vulnerability":"VCID-7fqy-zt39-2ka2"},{"vulnerability":"VCID-7nuu-hq66-67es"},{"vulnerability":"VCID-7thh-twxp-j3fh"},{"vulnerability":"VCID-7ukn-38hy-dffs"},{"vulnerability":"VCID-81rk-djd7-wkau"},{"vulnerability":"VCID-9gtz-2mce-kuf6"},{"vulnerability":"VCID-afbw-asht-7bbq"},{"vulnerability":"VCID-aqh3-9esc-jqg7"},{"vulnerability":"VCID-arjj-gn1s-yue1"},{"vulnerability":"VCID-ax7h-qsmd-hyc9"},{"vulnerability":"VCID-btq8-dzuk-4yfk"},{"vulnerability":"VCID-bytg-r7hs-gyeg"},{"vulnerability":"VCID-c2n4-uugz-wfac"},{"vulnerability":"VCID-dwg9-w58z-ufh4"},{"vulnerability":"VCID-e144-8aet-7kbn"},{"vulnerability":"VCID-ezcv-cbva-kkbe"},{"vulnerability":"VCID-fmqa-fers-5ydf"},{"vulnerability":"VCID-fnfu-a29f-ryeg"},{"vulnerability":"VCID-gg77-12mg-k7d2"},{"vulnerability":"VCID-h257-3sze-qqbu"},{"vulnerability":"VCID-hs9d-5q1m-97gk"},{"vulnerability":"VCID-jvqj-5f2g-u7d7"},{"vulnerability":"VCID-mzzq-s6gj-k3hw"},{"vulnerability":"VCID-ndst-6nx1-1qcp"},{"vulnerability":"VCID-nmgp-gqkw-xkd1"},{"vulnerability":"VCID-p76p-4a8h-cffj"},{"vulnerability":"VCID-p82j-3rgh-tqgf"},{"vulnerability":"VCID-q9zx-mkrf-k3bh"},{"vulnerability":"VCID-qxhg-65zp-ufe2"},{"vulnerability":"VCID-re3v-ymkc-53bt"},{"vulnerability":"VCID-snd9-bt5h-6ycw"},{"vulnerability":"VCID-spyc-te21-j3dk"},{"vulnerability":"VCID-tusm-masj-pyag"},{"vulnerability":"VCID-uvcz-5mb9-syeq"},{"vulnerability":"VCID-v2g6-bhw9-z3am"},{"vulnerability":"VCID-v9g2-msy2-gbhc"},{"vulnerability":"VCID-xbpw-d63u-vyc1"},{"vulnerability":"VCID-xsp3-9g35-m7b5"},{"vulnerability":"VCID-y1fm-k61h-27hz"},{"vulnerability":"VCID-yhxt-1rx2-cbc1"},{"vulnerability":"VCID-zgt3-rj7n-vuah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2~bpo70%252B1"}],"aliases":["CVE-2012-2142"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71eb-8tfz-ufh9"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.26.5-2~bpo70%252B1"}