Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/935606?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "poppler", "version": "0.85.0-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "20.09.0-1", "latest_non_vulnerable_version": "25.03.0-11.1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82697?format=api", "vulnerability_id": "VCID-2ck3-hjtt-hbax", "summary": "poppler: pdftohtml: access to uninitialized pointer could lead to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51673", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51658", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51708", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51758", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51719", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.5176", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51767", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51747", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51699", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51705", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51665", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51612", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51663", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.5167", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51777", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712", "reference_id": "1900712", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1881", "reference_id": "RHSA-2021:1881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1881" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-27778" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ck3-hjtt-hbax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82426?format=api", "vulnerability_id": "VCID-5py7-z1gg-9fet", "summary": "poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14494.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14494", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83467", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.8348", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83493", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83518", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83527", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83542", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83536", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83566", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83567", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83568", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83592", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.836", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83605", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83629", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83649", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83668", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83669", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.83684", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01969", "scoring_system": "epss", "scoring_elements": "0.8372", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14494" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797453", "reference_id": "1797453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1797453" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812", "reference_id": "933812", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3977", "reference_id": "RHSA-2020:3977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4643", "reference_id": "RHSA-2020:4643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4643" }, { "reference_url": "https://usn.ubuntu.com/4091-1/", "reference_id": "USN-4091-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4091-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14494" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5py7-z1gg-9fet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82724?format=api", "vulnerability_id": "VCID-8t2a-b56v-tqcs", "summary": "poppler: stack consumption in function Dict::find() in Dict.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70465", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72654", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72847", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72811", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72835", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72662", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72657", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72696", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72709", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72733", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72748", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72759", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72751", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72792", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72801", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72798", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00732", "scoring_system": "epss", "scoring_elements": "0.72822", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9903" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/741" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/" }, { "reference_url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/" }, { "reference_url": "http://www.securityfocus.com/bid/107560", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107560" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691724", "reference_id": "1691724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1691724" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264", "reference_id": "925264", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925264" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9903", "reference_id": "CVE-2019-9903", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9903" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8t2a-b56v-tqcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82664?format=api", "vulnerability_id": "VCID-96jm-1vhy-eyfd", "summary": "poppler: infinite recursion in function FontInfoScanner::scanFonts in FontInfo.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11026.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66509", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66773", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66715", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66688", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66709", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66549", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66546", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66593", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66607", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66626", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.6658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66616", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66631", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66615", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66641", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66655", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66654", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66628", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00514", "scoring_system": "epss", "scoring_elements": "0.66672", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/752" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5JWQE2WP4W4F2FEYPYJQBPQIOG75MVH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGYLZZ4DZUDBQEGCNDWSZPSFNNZJF4S6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/" }, { "reference_url": "https://research.loginsoft.com/bugs/1508/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/1508/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699862", "reference_id": "1699862", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1699862" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721", "reference_id": "926721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926721" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.75.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11026", "reference_id": "CVE-2019-11026", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-11026" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96jm-1vhy-eyfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82344?format=api", "vulnerability_id": "VCID-crcj-9bh9-7kb7", "summary": "poppler: integer overflow in JPXStream::init function leading to memory consumption", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9959.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9959", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0146", "scoring_system": "epss", "scoring_elements": "0.81031", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0146", "scoring_system": "epss", "scoring_elements": "0.80953", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0146", "scoring_system": "epss", "scoring_elements": "0.80975", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0146", "scoring_system": "epss", "scoring_elements": "0.80969", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0146", "scoring_system": "epss", "scoring_elements": "0.80987", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81008", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81043", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.8106", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81047", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81039", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81078", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81075", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81097", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81105", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81113", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81127", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.80977", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.80986", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01488", "scoring_system": "epss", "scoring_elements": "0.81009", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9959" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732340", "reference_id": "1732340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1732340" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776", "reference_id": "941776", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941776" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9959" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-crcj-9bh9-7kb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82912?format=api", "vulnerability_id": "VCID-cwyp-gapg-yufk", "summary": "poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20650.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57699", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57874", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57832", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57779", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57807", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57783", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57803", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57833", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57834", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57851", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57829", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57836", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57812", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5777", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.5779", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57768", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00355", "scoring_system": "epss", "scoring_elements": "0.57726", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20650" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" }, { "reference_url": "http://www.securityfocus.com/bid/106459", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106459" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665263", "reference_id": "1665263", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665263" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974", "reference_id": "917974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20650", "reference_id": "CVE-2018-20650", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/3865-1/", "reference_id": "USN-3865-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3865-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-20650" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwyp-gapg-yufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83020?format=api", "vulnerability_id": "VCID-ervj-1sdg-b3bm", "summary": "poppler: pdfdetach utility does not validate save paths", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19060.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19060", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35073", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35301", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35182", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35256", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35221", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35235", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35172", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34938", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34919", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34829", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34701", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34774", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34811", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34716", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34741", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34809", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19060" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19060" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649450", "reference_id": "1649450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649450" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182", "reference_id": "913182", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913182" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19060" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ervj-1sdg-b3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82698?format=api", "vulnerability_id": "VCID-k1uz-1eqt-pbc6", "summary": "poppler: buffer overflow in HtmlOutputDev::page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-18839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39864", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39605", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39509", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39534", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40038", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39958", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40025", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40035", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39998", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39978", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40028", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39999", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39919", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39745", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3973", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39644", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39514", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39579", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39595", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-18839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234524", "reference_id": "2234524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234524" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742", "reference_id": "742", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T16:29:54Z/" } ], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-18839" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k1uz-1eqt-pbc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82677?format=api", "vulnerability_id": "VCID-s3q2-uvnc-wfep", "summary": "poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10871.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70182", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70426", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70349", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70381", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70375", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70234", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70249", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70272", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70257", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70244", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70286", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70295", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70276", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.7033", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70338", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70335", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00628", "scoring_system": "epss", "scoring_elements": "0.70308", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.freedesktop.org/poppler/poppler/issues/751" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00025.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/" }, { "reference_url": "http://www.securityfocus.com/bid/107862", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696636", "reference_id": "1696636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696636" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529", "reference_id": "926529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926529" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10871", "reference_id": "CVE-2019-10871", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1074", "reference_id": "RHSA-2020:1074", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1074" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10871" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3q2-uvnc-wfep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83023?format=api", "vulnerability_id": "VCID-tt3h-qbbv-zuev", "summary": "poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18897.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18897", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35199", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35321", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35301", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35221", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35103", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35173", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35201", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35107", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3513", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35581", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.3562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35609", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41536", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41626", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41653", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4158", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4163", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41639", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41629", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18897" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646546", "reference_id": "1646546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164", "reference_id": "913164", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2713", "reference_id": "RHSA-2019:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2713" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18897" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tt3h-qbbv-zuev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83019?format=api", "vulnerability_id": "VCID-wbyn-9mx6-a3gd", "summary": "poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19059.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.3222", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32392", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32217", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32266", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32295", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32296", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32258", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32226", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32261", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32241", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.32212", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.3205", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31923", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31842", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31695", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31769", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31777", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31682", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31706", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31775", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19059" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19059" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649440", "reference_id": "1649440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649440" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180", "reference_id": "913180", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19059" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbyn-9mx6-a3gd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83018?format=api", "vulnerability_id": "VCID-zzy2-1yr8-83cf", "summary": "poppler: reachable abort in Object.h", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19058.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50976", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51054", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51011", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51068", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51065", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51108", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51087", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.5111", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51093", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51041", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51049", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51009", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50941", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50992", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51023", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.50981", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51088", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19058" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649435", "reference_id": "1649435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649435" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177", "reference_id": "913177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2022", "reference_id": "RHSA-2019:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2022" }, { "reference_url": "https://usn.ubuntu.com/3837-1/", "reference_id": "USN-3837-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3837-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/935606?format=api", "purl": "pkg:deb/debian/poppler@0.85.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935578?format=api", "purl": "pkg:deb/debian/poppler@20.09.0-3.1%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@20.09.0-3.1%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935576?format=api", "purl": "pkg:deb/debian/poppler@22.12.0-2%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-48d5-zxmm-r3g4" }, { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-anb3-1s96-wbaq" }, { "vulnerability": "VCID-ygrf-gq35-fkfd" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" }, { "vulnerability": "VCID-yyxy-juya-a3f1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@22.12.0-2%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935580?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-5%2Bdeb13u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a8zz-dfdm-1uf7" }, { "vulnerability": "VCID-yy6j-1h5z-wbgp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-5%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/935579?format=api", "purl": "pkg:deb/debian/poppler@25.03.0-11.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@25.03.0-11.1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-19058" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzy2-1yr8-83cf" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/poppler@0.85.0-2%3Fdistro=trixie" }