{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"podofo","version":"0.9.7-r0","qualifiers":{"arch":"armhf","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3436?format=json","vulnerability_id":"VCID-4uua-ggfe-9kag","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20797","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35917","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35878","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35944","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35903","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35974","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35984","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20797"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923415","reference_id":"923415","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923415"},{"reference_url":"https://security.archlinux.org/AVG-1427","reference_id":"AVG-1427","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1427"},{"reference_url":"https://usn.ubuntu.com/7217-1/","reference_id":"USN-7217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2018-20797"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uua-ggfe-9kag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3434?format=json","vulnerability_id":"VCID-dxwr-uuk1-r7ae","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10723","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24937","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24955","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24986","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24929","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25051","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25039","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10723"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926667","reference_id":"926667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926667"},{"reference_url":"https://security.archlinux.org/AVG-1427","reference_id":"AVG-1427","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1427"},{"reference_url":"https://usn.ubuntu.com/7217-1/","reference_id":"USN-7217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-10723"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxwr-uuk1-r7ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76871?format=json","vulnerability_id":"VCID-fz7s-yuza-dygq","summary":"PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9199","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64021","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63973","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64013","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64001","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64015","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.64023","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9199"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923469","reference_id":"923469","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923469"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-9199"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fz7s-yuza-dygq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3433?format=json","vulnerability_id":"VCID-gsap-as1s-gfbn","summary":"multiple issues","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20093","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63922","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63875","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63915","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63902","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63917","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63924","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20093"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977302","reference_id":"977302","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977302"},{"reference_url":"https://security.archlinux.org/AVG-1427","reference_id":"AVG-1427","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1427"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-20093"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gsap-as1s-gfbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76862?format=json","vulnerability_id":"VCID-q1f8-jxp6-mbgx","summary":"A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19532","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55246","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5519","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55245","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55226","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55247","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55254","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19532"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916085","reference_id":"916085","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916085"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2018-19532"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q1f8-jxp6-mbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76872?format=json","vulnerability_id":"VCID-ruw1-rxu7-8keh","summary":"PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9687","reference_id":"","reference_type":"","scores":[{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66705","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.6667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66703","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66688","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00508","scoring_system":"epss","scoring_elements":"0.66718","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9687"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924430","reference_id":"924430","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924430"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2019-9687"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ruw1-rxu7-8keh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76863?format=json","vulnerability_id":"VCID-y5sw-zzdw-nkct","summary":"An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName(\"MediaBox\"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20751","reference_id":"","reference_type":"","scores":[{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63399","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63394","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63382","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63396","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00437","scoring_system":"epss","scoring_elements":"0.63404","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20751"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-202101-36","reference_id":"ASA-202101-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-36"},{"reference_url":"https://security.archlinux.org/AVG-867","reference_id":"AVG-867","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/464539?format=json","purl":"pkg:apk/alpine/podofo@0.9.7-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}],"aliases":["CVE-2018-20751"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5sw-zzdw-nkct"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podofo@0.9.7-r0%3Farch=armhf&distroversion=edge&reponame=community"}