Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/943618?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "xpdf", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.01-2", "latest_non_vulnerable_version": "3.04+git20260220-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36499?format=api", "vulnerability_id": "VCID-1jb4-rynb-sfcq", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3044", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13585", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13605", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13237", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13393", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13477", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13469", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.135", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13666", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13465", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13546", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13596", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1353", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13483", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13395", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13392", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1347", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13442", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13337", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3044" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html", "reference_id": "CVE-2023-3044.html", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:53:02Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://github.com/baker221/poc-xpdf", "reference_id": "poc-xpdf", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-08T17:53:02Z/" } ], "url": "https://github.com/baker221/poc-xpdf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jb4-rynb-sfcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194580?format=api", "vulnerability_id": "VCID-28eu-nxmr-17bh", "summary": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47728", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4771", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4768", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47735", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47756", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47733", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47743", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47797", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47742", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47724", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47596", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47661", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47683", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47626", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47656", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13291" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-28eu-nxmr-17bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60785?format=api", "vulnerability_id": "VCID-2gzf-29w4-puhx", "summary": "A vulnerability in Xpdf might allow local attackers to execute arbitrary\n code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25638", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25751", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25593", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2564", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25651", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.2561", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25553", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25557", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25543", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25465", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25457", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25294", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25362", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25423", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25344", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25361", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0009", "scoring_system": "epss", "scoring_elements": "0.25437", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-1144" }, { "reference_url": "https://security.gentoo.org/glsa/200904-07", "reference_id": "GLSA-200904-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-1144" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2gzf-29w4-puhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195312?format=api", "vulnerability_id": "VCID-3dkg-qm6d-47ha", "summary": "An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41029", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41245", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41365", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41345", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41352", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41373", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41341", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41327", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41371", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41342", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41269", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41157", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41152", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41071", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.40933", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41006", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41024", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.4093", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.40954", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14294" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14294" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dkg-qm6d-47ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197577?format=api", "vulnerability_id": "VCID-3fmb-j9eh-auht", "summary": "Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3698", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36958", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3688", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36903", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37328", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3749", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37343", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37407", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37419", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37357", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37403", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37386", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3733", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37109", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37079", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36991", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36872", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36939", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16927" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/ASA-201910-10", "reference_id": "ASA-201910-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-10" }, { "reference_url": "https://security.archlinux.org/AVG-1048", "reference_id": "AVG-1048", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1048" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16927", "reference_id": "CVE-2019-16927", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-16927" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3fmb-j9eh-auht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191729?format=api", "vulnerability_id": "VCID-3ndz-qv56-qkaz", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10020" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10020", "reference_id": "CVE-2019-10020", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10020" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10020" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ndz-qv56-qkaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267290?format=api", "vulnerability_id": "VCID-4shg-5htw-9uep", "summary": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24143", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24604", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24287", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24225", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24641", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24417", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24485", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24544", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.245", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24442", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24457", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24452", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24427", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24313", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24299", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24257", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25781", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25705", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28434", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2025-3154.html", "reference_id": "CVE-2025-3154.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T19:14:58Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2025-3154.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-3154" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4shg-5htw-9uep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36483?format=api", "vulnerability_id": "VCID-5rue-7ryh-9ufh", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38295", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38711", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38641", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38692", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38702", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38675", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38696", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38674", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38596", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38442", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38417", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38326", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38207", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38276", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38285", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38196", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.3822", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38222" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rue-7ryh-9ufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36489?format=api", "vulnerability_id": "VCID-6dvh-784c-r7au", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20404", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20307", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20272", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20175", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20248", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20335", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20299", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20317", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20659", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20467", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20526", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20549", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20504", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20442", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20439", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20312", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.xpdfreader.com/download.html", "reference_id": "download.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:41:18Z/" } ], "url": "http://www.xpdfreader.com/download.html" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928", "reference_id": "viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:41:18Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844", "reference_id": "viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:41:18Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-41844" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dvh-784c-r7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267283?format=api", "vulnerability_id": "VCID-6fmz-b2w3-vbcn", "summary": "Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09006", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09062", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09114", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09057", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08979", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09088", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09089", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09043", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08938", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08919", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14339", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14202", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14244", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14099", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.13971", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14127", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-2574" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2025-2574.html", "reference_id": "CVE-2025-2574.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T15:13:48Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2025-2574.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-2574" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fmz-b2w3-vbcn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/253861?format=api", "vulnerability_id": "VCID-7545-4961-63bf", "summary": "Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.66027", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6595", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65969", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65772", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65852", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65871", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65882", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65888", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65858", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65894", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65908", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65896", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65906", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65917", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65916", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6589", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.65936", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00497", "scoring_system": "epss", "scoring_elements": "0.6598", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36493" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160", "reference_id": "viewtopic.php?f=3&t=42160", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:41:50Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-36493" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7545-4961-63bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97637?format=api", "vulnerability_id": "VCID-7ae3-ueje-kubk", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10021" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10021", "reference_id": "CVE-2019-10021", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10021" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10021" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ae3-ueje-kubk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36480?format=api", "vulnerability_id": "VCID-7ka2-sa5g-x7he", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44485", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4466", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44681", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44618", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44669", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44671", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44688", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44657", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44658", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44714", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44706", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44637", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44551", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44475", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44351", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44428", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44446", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44382", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44415", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30775" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-30775" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ka2-sa5g-x7he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223103?format=api", "vulnerability_id": "VCID-88y1-wpv2-j3by", "summary": "There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24996", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46912", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46949", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46965", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46967", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46989", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46962", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.47025", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.4702", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46954", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46917", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46829", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46892", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46911", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46854", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46886", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00239", "scoring_system": "epss", "scoring_elements": "0.46955", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24996" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-24996" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88y1-wpv2-j3by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194572?format=api", "vulnerability_id": "VCID-8hwa-heth-qua6", "summary": "In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56767", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56706", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56724", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56707", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56661", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56769", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56719", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56742", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0034", "scoring_system": "epss", "scoring_elements": "0.56806", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57192", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57321", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57295", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57271", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57323", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57325", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57338", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00347", "scoring_system": "epss", "scoring_elements": "0.57297", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13281" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13281" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8hwa-heth-qua6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61625?format=api", "vulnerability_id": "VCID-8tce-4d32-wkgy", "summary": "Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63968", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6372", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63808", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63765", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63816", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63833", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63847", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63799", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63834", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63832", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63848", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6386", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63859", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6383", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63874", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63922", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6389", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.63917", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35376" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202405-18", "reference_id": "GLSA-202405-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-35376" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tce-4d32-wkgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191735?format=api", "vulnerability_id": "VCID-8tq7-kp8w-j7e1", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10025" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10025", "reference_id": "CVE-2019-10025", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10025" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10025" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tq7-kp8w-j7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210911?format=api", "vulnerability_id": "VCID-8yrn-x9sm-muhy", "summary": "There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53275", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53179", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53204", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53133", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53157", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53125", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53169", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53219", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53205", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53189", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53228", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53235", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53217", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53191", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53164", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53119", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53168", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00298", "scoring_system": "epss", "scoring_elements": "0.53211", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9877" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9877", "reference_id": "CVE-2019-9877", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9877" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8yrn-x9sm-muhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93950?format=api", "vulnerability_id": "VCID-9hnb-h64u-zkev", "summary": "In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52424", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52418", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52462", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52448", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52455", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52473", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52463", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12957" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12957", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12957" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12957" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hnb-h64u-zkev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194578?format=api", "vulnerability_id": "VCID-9m91-9mge-vbdx", "summary": "In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52281", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52124", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52168", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52195", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5216", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52213", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5226", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5223", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52268", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52272", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52255", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52203", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52211", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5212", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52171", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52214", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52176", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.522", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13289" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9m91-9mge-vbdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195307?format=api", "vulnerability_id": "VCID-9tn7-2y9w-6ufm", "summary": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37266", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37055", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37062", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14291" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14291" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tn7-2y9w-6ufm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36490?format=api", "vulnerability_id": "VCID-aa14-4spj-5yf7", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2813", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28068", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28103", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28169", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28219", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.29405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29952", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29858", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29878", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30173", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30057", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29982", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29847", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29919", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29928", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43071" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959", "reference_id": "viewtopic.php?f=3&t=42349&p=43959#p43959", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T18:00:58Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-43071" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aa14-4spj-5yf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197687?format=api", "vulnerability_id": "VCID-az67-jep9-qfhs", "summary": "Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/154713/Xpdf-4.02-NULL-Pointer-Dereference.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17064", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58872", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58774", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58801", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58654", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58759", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58726", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58779", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58786", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58804", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58766", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58798", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58803", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58781", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58749", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58764", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58716", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5876", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58818", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17064" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41890" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5PYIAP2RXTYD4Y4FYFIK5K644LMDJWX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMDB2CGUYDW2RENE2I2TT6QNFEEI2CNF/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.02:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17064", "reference_id": "CVE-2019-17064", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17064" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-17064" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-az67-jep9-qfhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97677?format=api", "vulnerability_id": "VCID-bbb1-ck5d-8fg2", "summary": "Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87492", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87502", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87518", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87538", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87544", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87555", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87548", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87563", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87561", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87578", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87585", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87583", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87597", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.8761", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87624", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.87637", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03472", "scoring_system": "epss", "scoring_elements": "0.8767", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1244" }, { "reference_url": "https://usn.ubuntu.com/270-1/", "reference_id": "USN-270-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/270-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-1244" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbb1-ck5d-8fg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/219222?format=api", "vulnerability_id": "VCID-bft8-ctgf-a7c7", "summary": "In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15736", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15515", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15568", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15609", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15608", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15552", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15424", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15543", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15646", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15623", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15664", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15506", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16846", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16987", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16859", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1689", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21443", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7867" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2024-7867.html", "reference_id": "CVE-2024-7867.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-16T17:08:56Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2024-7867.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-7867" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bft8-ctgf-a7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210914?format=api", "vulnerability_id": "VCID-bkxu-yxes-4yf6", "summary": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54424", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.5433", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54356", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54283", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54288", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.5434", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54335", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54367", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54345", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54385", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54389", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.5437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54333", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54348", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54324", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54273", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54315", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00312", "scoring_system": "epss", "scoring_elements": "0.54372", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/kermitt2/pdfalto/issues/46", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/kermitt2/pdfalto/issues/46" }, { "reference_url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdfalto_project:pdfalto:0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdfalto_project:pdfalto:0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdfalto_project:pdfalto:0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9878", "reference_id": "CVE-2019-9878", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9878" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9878" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkxu-yxes-4yf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194575?format=api", "vulnerability_id": "VCID-btp4-tbj1-uqc3", "summary": "In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5466", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.5457", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54587", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54565", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54511", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54554", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54607", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54566", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00315", "scoring_system": "epss", "scoring_elements": "0.54594", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.5519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55023", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55124", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55123", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55185", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55187", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13286" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-btp4-tbj1-uqc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195311?format=api", "vulnerability_id": "VCID-bvxw-w51x-vqc4", "summary": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37266", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37055", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37062", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14293" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvxw-w51x-vqc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278198?format=api", "vulnerability_id": "VCID-cbt8-he6p-gye9", "summary": "XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38236", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16399", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16443", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1634", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16332", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1622", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16178", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16052", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16167", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16275", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16244", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16278", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16351", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38236" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38236" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbt8-he6p-gye9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194270?format=api", "vulnerability_id": "VCID-ctgr-z8gu-fqeb", "summary": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12958", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41375", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.4135", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41366", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41272", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.413", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41681", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41704", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41671", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41678", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41604", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41415", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42137", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42111", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12958" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12958" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctgr-z8gu-fqeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194573?format=api", "vulnerability_id": "VCID-cxcd-xyg2-fudd", "summary": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52463", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52424", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52418", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52462", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52448", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52988", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52976", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52944", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13282" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxcd-xyg2-fudd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/220554?format=api", "vulnerability_id": "VCID-d7re-9pmd-dfhy", "summary": "In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7866", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12909", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12833", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12852", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12814", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12708", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12612", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12749", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12819", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12812", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12839", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12728", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28464", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28663", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28528", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28529", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.2857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33463", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7866" }, { "reference_url": "https://www.xpdfreader.com/security-bug/object-loops.html", "reference_id": "object-loops.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-16T17:13:19Z/" } ], "url": "https://www.xpdfreader.com/security-bug/object-loops.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-7866" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7re-9pmd-dfhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36492?format=api", "vulnerability_id": "VCID-d9s7-un66-wqba", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45586", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12534", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12449", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12444", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1247", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12622", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12511", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12479", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12336", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12247", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12384", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45586" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42361", "reference_id": "viewtopic.php?t=42361", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T17:54:55Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42361" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-45586" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d9s7-un66-wqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/223104?format=api", "vulnerability_id": "VCID-e1aj-xdke-bubt", "summary": "There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49233", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4915", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49182", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4921", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49216", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4923", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49203", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49208", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49254", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49252", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49221", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49219", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49176", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49092", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49155", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49183", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49132", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49159", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24999" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-24999" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1aj-xdke-bubt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36484?format=api", "vulnerability_id": "VCID-e7vq-33xj-gkgr", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42973", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42937", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42987", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43022", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42971", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43031", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.43019", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42954", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42878", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4288", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42797", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42658", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42734", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.4275", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42679", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42707", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42773", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38334" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38334" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e7vq-33xj-gkgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/348807?format=api", "vulnerability_id": "VCID-ebmd-5d52-u7ev", "summary": "Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the \"N\" field in ICCBased color spaces.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01492", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01503", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01507", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01513", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01512", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0152", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01508", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01502", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01496", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09628", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09795", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09762", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09822", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0979", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09773", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09746", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4407" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2026-4407.html", "reference_id": "CVE-2026-4407.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T14:01:23Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2026-4407.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-4407" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebmd-5d52-u7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93941?format=api", "vulnerability_id": "VCID-ebyg-yhza-wkaq", "summary": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.5186", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51699", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51751", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51794", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51756", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.51782", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52846", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.5283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52867", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52749", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52858", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52827", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52836", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52798", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52874", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52799", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52767", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52811", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12493" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12493" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ebyg-yhza-wkaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77122?format=api", "vulnerability_id": "VCID-f1fy-2gxa-63hb", "summary": "xpdf: stack-overflow in pdftotext", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06133", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06144", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06453", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06476", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06488", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06512", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0664", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06704", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06711", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06727", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06758", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22422", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3247" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272851", "reference_id": "2272851", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272851" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=43597", "reference_id": "viewtopic.php?t=43597", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-03T17:26:43Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=43597" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3247" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f1fy-2gxa-63hb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82511?format=api", "vulnerability_id": "VCID-gfxh-3er7-zyam", "summary": "xpdf: buffer over-read via crafted PDF document leads to DoS or memory leak", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12360.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.5667", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56572", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56523", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56636", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56585", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00338", "scoring_system": "epss", "scoring_elements": "0.56609", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57615", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57595", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57573", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57602", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57599", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57578", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57536", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57555", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57463", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.576", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57568", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00351", "scoring_system": "epss", "scoring_elements": "0.57543", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12360" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850876", "reference_id": "1850876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12360" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxh-3er7-zyam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194576?format=api", "vulnerability_id": "VCID-ggaf-24m4-tudf", "summary": "In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41854", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.4213", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42118", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42129", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42114", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42115", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41987", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41981", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41755", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41823", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41841", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41754", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.41779", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13287" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13287" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggaf-24m4-tudf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218766?format=api", "vulnerability_id": "VCID-ggz4-xfsy-6qh9", "summary": "In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47047", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47109", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47057", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47044", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47054", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47003", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47002", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46946", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.46977", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48859", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48838", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48864", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48872", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48869", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48885", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00334", "scoring_system": "epss", "scoring_elements": "0.56203", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7868" }, { "reference_url": "https://www.xpdfreader.com/security-bug/CVE-2024-7868.html", "reference_id": "CVE-2024-7868.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-15T20:33:27Z/" } ], "url": "https://www.xpdfreader.com/security-bug/CVE-2024-7868.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-7868" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggz4-xfsy-6qh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278191?format=api", "vulnerability_id": "VCID-gs8q-7m9v-h7bv", "summary": "XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17141", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17041", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16875", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16742", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16857", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16964", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17056", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38227" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38227" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gs8q-7m9v-h7bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196870?format=api", "vulnerability_id": "VCID-gvg1-j3bg-jyhb", "summary": "Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15860", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37056", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37266", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37055", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15860" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gist.github.com/RootUp/b5de893bb2e51a4c846c5a0caa13b666" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15860", "reference_id": "CVE-2019-15860", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15860" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15860" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvg1-j3bg-jyhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278196?format=api", "vulnerability_id": "VCID-h2v8-y5wu-k7dt", "summary": "XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38234", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14485", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14555", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14501", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14451", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14413", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14356", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14248", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14249", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14319", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14349", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14324", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14265", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14281", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14372", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14366", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14408", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1449", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38234" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2v8-y5wu-k7dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36479?format=api", "vulnerability_id": "VCID-hxqu-gusj-d7hm", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84623", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84397", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84417", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84441", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84446", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84465", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84459", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84477", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84479", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84515", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84519", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84536", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84562", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84578", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84576", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84593", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-30524" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxqu-gusj-d7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36487?format=api", "vulnerability_id": "VCID-hz7t-j44b-d7bk", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2672", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27059", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26581", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26648", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26697", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26621", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26639", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27095", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26884", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26952", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26998", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.27001", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26957", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.269", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26911", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26887", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.2685", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26793", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00098", "scoring_system": "epss", "scoring_elements": "0.26726", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41843" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344", "reference_id": "viewtopic.php?f=1&t=42344", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:39:46Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421", "reference_id": "viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:39:46Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-41843" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hz7t-j44b-d7bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195302?format=api", "vulnerability_id": "VCID-j6yq-rtc5-gqar", "summary": "An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"one byte per line\" case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41985", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4216", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42247", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42188", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42239", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4227", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42233", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42205", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42255", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.4223", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42162", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42109", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42105", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42022", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41882", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41956", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41971", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41885", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.41911", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14288" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6yq-rtc5-gqar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193815?format=api", "vulnerability_id": "VCID-ju4p-5km5-cqay", "summary": "There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51229", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51279", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51322", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51282", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51311", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51387", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52473", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.5237", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52463", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52424", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52415", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52455", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12515" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12515" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ju4p-5km5-cqay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266459?format=api", "vulnerability_id": "VCID-k27e-xq9z-8qf8", "summary": "Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12784", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12712", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12764", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12733", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12647", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12555", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12567", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12686", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12649", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34516", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34409", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34479", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34506", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34411", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34437", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35468", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-26930" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-26930" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k27e-xq9z-8qf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/194577?format=api", "vulnerability_id": "VCID-kfq1-p85t-h7av", "summary": "In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96474", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.9639", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96397", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96417", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96421", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96432", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96437", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96439", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.9644", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96448", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.9645", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96457", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.9646", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.27509", "scoring_system": "epss", "scoring_elements": "0.96465", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13288" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kfq1-p85t-h7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36494?format=api", "vulnerability_id": "VCID-kq6b-svq2-bydz", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08675", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08453", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08553", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08629", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08598", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08622", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08507", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08498", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08517", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08511", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08478", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08355", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08472", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08461", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08411", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2662" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42505", "reference_id": "viewtopic.php?t=42505", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:05:31Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2662" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq6b-svq2-bydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36500?format=api", "vulnerability_id": "VCID-m3w5-n1vj-dkcj", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04433", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04593", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04456", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04458", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0447", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04504", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04521", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0451", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04495", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04478", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05271", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05218", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05263", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05273", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05179", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05182", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05169", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-3436" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42618", "reference_id": "viewtopic.php?t=42618", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:57:28Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42618" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-3436" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m3w5-n1vj-dkcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89389?format=api", "vulnerability_id": "VCID-m5tc-yrms-zuay", "summary": "security flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0206.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.9107", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91093", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91112", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91119", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.9112", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91144", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91143", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91146", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.9116", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91158", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91153", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91168", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91184", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91196", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91195", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.06529", "scoring_system": "epss", "scoring_elements": "0.91204", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0206" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17818" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11107" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:041" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:042" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:043" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:044" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:056" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2005-034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2005-034.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2005-053.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2005-057.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2005-057.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2005-132.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2005-132.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2005-213.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2005-213.html" }, { "reference_url": "http://www.securityfocus.com/bid/11501", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/11501" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617493", "reference_id": "1617493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617493" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ascii:ptex:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ascii:ptex:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ascii:ptex:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cstex:cstetex:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:cstex:cstetex:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cstex:cstetex:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.19_rc5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.110:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnome:gpdf:0.110:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.110:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.112:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnome:gpdf:0.131:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kpdf:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.32a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.32b:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.33a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pdftohtml:pdftohtml:0.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:1.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tetex:tetex:1.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:1.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:1.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tetex:tetex:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.90:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.91:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.92:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:0.93:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.0a:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "reference_id": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:advanced_linux_environment:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:sgi:advanced_linux_environment:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:advanced_linux_environment:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.3:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.1:*:x86_64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux:9.2:*:x86_64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "reference_id": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "reference_id": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0206", "reference_id": "CVE-2005-0206", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-0206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:034", "reference_id": "RHSA-2005:034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:053", "reference_id": "RHSA-2005:053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:053" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:057", "reference_id": "RHSA-2005:057", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:057" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:132", "reference_id": "RHSA-2005:132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:213", "reference_id": "RHSA-2005:213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:213" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0206" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5tc-yrms-zuay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267078?format=api", "vulnerability_id": "VCID-m77c-kqwu-kbak", "summary": "XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15157", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.152", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15093", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15013", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14971", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15008", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1501", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14952", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14825", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15045", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15034", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15078", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38233" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m77c-kqwu-kbak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61628?format=api", "vulnerability_id": "VCID-mf6e-623v-r3cj", "summary": "Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31986", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32566", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32602", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32425", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32474", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32504", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32439", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32422", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32255", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32139", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32054", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31912", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31979", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31988", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31894", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31918", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24107" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202405-18", "reference_id": "GLSA-202405-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-18" }, { "reference_url": "https://usn.ubuntu.com/7985-1/", "reference_id": "USN-7985-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7985-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-24107" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mf6e-623v-r3cj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77123?format=api", "vulnerability_id": "VCID-mj4u-8j1k-zfbh", "summary": "xpdf: stack overflow via pdftpng", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3248.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06133", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06144", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06437", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06453", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06476", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06488", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06512", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0664", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06704", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06711", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06727", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06758", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22532", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22362", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22444", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22518", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22422", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-3248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272854", "reference_id": "2272854", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272854" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=43657", "reference_id": "viewtopic.php?t=43657", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-12T13:50:27Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=43657" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-3248" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mj4u-8j1k-zfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210393?format=api", "vulnerability_id": "VCID-mnhc-1jgp-jqc8", "summary": "There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9589", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48101", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48026", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48034", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48073", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48093", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48096", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48091", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48114", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4809", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.481", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48148", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48102", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48084", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48095", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48042", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47962", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48028", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48051", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47997", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9589" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262" }, { "reference_url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9589", "reference_id": "CVE-2019-9589", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9589" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9589" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnhc-1jgp-jqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180212?format=api", "vulnerability_id": "VCID-mzzq-p7nb-kfge", "summary": "An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39041", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39303", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39484", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3948", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39174", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39156", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39075", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38948", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39019", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39036", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38945", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38968", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18651" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18651" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mzzq-p7nb-kfge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97636?format=api", "vulnerability_id": "VCID-nd27-gfd1-yudu", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38895", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.388", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38822", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39157", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39344", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39336", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39353", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39325", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39244", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39029", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3901", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38926", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38801", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38873", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38889", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10019" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10019", "reference_id": "CVE-2019-10019", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10019" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10019" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nd27-gfd1-yudu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191737?format=api", "vulnerability_id": "VCID-neub-d4ap-q7fp", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10026" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10026", "reference_id": "CVE-2019-10026", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10026" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10026" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-neub-d4ap-q7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31250?format=api", "vulnerability_id": "VCID-ngzc-42z2-8yae", "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2142.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60519", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60507", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60465", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60512", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.6057", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60529", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60555", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60617", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79991", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79914", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79994", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79941", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.7993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79968", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79963", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2142" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487773", "reference_id": "487773", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487773" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936", "reference_id": "789936", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789936" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2142" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ngzc-42z2-8yae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278193?format=api", "vulnerability_id": "VCID-nxhw-mks9-uqeq", "summary": "XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16516", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16312", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16399", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16457", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16443", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1634", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16277", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16332", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16224", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.1622", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16178", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16052", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16167", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16275", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16244", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16278", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16351", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38229" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxhw-mks9-uqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278195?format=api", "vulnerability_id": "VCID-nyr4-77z2-jfau", "summary": "XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16295", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16356", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16155", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16241", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16307", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16289", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16181", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16119", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16137", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16174", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16064", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16061", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16023", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.15904", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16017", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16094", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16127", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.162", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38231" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38231" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyr4-77z2-jfau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50774?format=api", "vulnerability_id": "VCID-p219-w8nj-qqg7", "summary": "Poppler is affected by a memory management issue, which could lead to the\n execution of arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2950.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93954", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93844", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93854", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93869", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93874", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93901", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93904", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.939", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93909", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.9392", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93931", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.12333", "scoring_system": "epss", "scoring_elements": "0.93939", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950" }, { "reference_url": "http://secunia.com/advisories/30963", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/30963" }, { "reference_url": "http://secunia.com/advisories/31002", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31002" }, { "reference_url": "http://secunia.com/advisories/31167", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31167" }, { "reference_url": "http://secunia.com/advisories/31267", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31267" }, { "reference_url": "http://secunia.com/advisories/31405", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31405" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200807-04.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-200807-04.xml" }, { "reference_url": "http://securityreason.com/securityalert/3977", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/3977" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43619" }, { "reference_url": "https://www.exploit-db.com/exploits/6032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/6032" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2008-0223", "reference_id": "", "reference_type": "", "scores": [], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0223" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:146", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:146" }, { "reference_url": "http://www.ocert.org/advisories/ocert-2008-007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ocert.org/advisories/ocert-2008-007.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/493980/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/493980/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/archive/1/494142/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/archive/1/494142/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/30107", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/30107" }, { "reference_url": "http://www.securitytracker.com/id?1020435", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020435" }, { "reference_url": "http://www.ubuntu.com/usn/usn-631-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/usn-631-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2024/references", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2024/references" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=454277", "reference_id": "454277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489756", "reference_id": "489756", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489756" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2950", "reference_id": "CVE-2008-2950", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2950" }, { "reference_url": "https://security.gentoo.org/glsa/200807-04", "reference_id": "GLSA-200807-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200807-04" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/6032.py", "reference_id": "OSVDB-46806;CVE-2008-2950", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/6032.py" }, { "reference_url": "https://usn.ubuntu.com/631-1/", "reference_id": "USN-631-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/631-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-2950" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p219-w8nj-qqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195309?format=api", "vulnerability_id": "VCID-pu8x-kruh-pkbh", "summary": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37825", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37987", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.38012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37891", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37941", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37954", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.3797", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37933", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37908", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37953", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37871", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37656", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37634", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37543", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37429", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37499", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37517", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.3743", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00168", "scoring_system": "epss", "scoring_elements": "0.37403", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14292" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14292" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pu8x-kruh-pkbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36491?format=api", "vulnerability_id": "VCID-pvpw-rgq1-n3ag", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21813", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21756", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21727", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21762", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21942", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21785", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21842", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21853", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22857", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23655", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23527", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23594", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23547", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23611", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23601", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23566", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00081", "scoring_system": "epss", "scoring_elements": "0.23447", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43295" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42360", "reference_id": "viewtopic.php?t=42360", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-13T19:25:09Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42360" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-43295" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvpw-rgq1-n3ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278192?format=api", "vulnerability_id": "VCID-pzmc-rz89-gbb7", "summary": "XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17141", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17041", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16875", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16742", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16857", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16964", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17056", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38228" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38228" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pzmc-rz89-gbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197063?format=api", "vulnerability_id": "VCID-qetq-kqkd-j7gf", "summary": "Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25097", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2502", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25287", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25397", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25173", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25259", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25206", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25216", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25175", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25128", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25117", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25073", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2495", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25014", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16088" }, { "reference_url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gist.github.com/RootUp/3d9e90ea5ae0799305b4c7ec66e19387" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:3.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:3.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:3.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16088", "reference_id": "CVE-2019-16088", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16088" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-16088" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qetq-kqkd-j7gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278199?format=api", "vulnerability_id": "VCID-qj1g-cxtf-6yhq", "summary": "XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17141", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17041", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16875", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16742", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16857", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16964", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17056", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38237" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38237" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj1g-cxtf-6yhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278197?format=api", "vulnerability_id": "VCID-rvy1-vpy6-2fas", "summary": "XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38235", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.152", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15005", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15093", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15145", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15013", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14908", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14917", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14971", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15008", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1501", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14952", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14825", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15045", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15034", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15078", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15157", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38235" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38235" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rvy1-vpy6-2fas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278194?format=api", "vulnerability_id": "VCID-rwk9-yxsj-9ye6", "summary": "XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19901", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19684", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19763", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19815", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19819", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19717", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19693", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19707", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19601", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19587", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1955", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19431", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19521", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19606", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19567", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19596", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1969", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38230" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwk9-yxsj-9ye6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97638?format=api", "vulnerability_id": "VCID-s1y4-86gx-9ugs", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10023" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10023", "reference_id": "CVE-2019-10023", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10023" }, { "reference_url": "https://usn.ubuntu.com/4042-1/", "reference_id": "USN-4042-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4042-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1y4-86gx-9ugs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191733?format=api", "vulnerability_id": "VCID-s43w-xtc6-r7fs", "summary": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36948", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36847", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3687", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37294", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3731", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37361", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37373", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37385", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3735", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.3737", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37352", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37296", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.37044", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36956", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36839", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00164", "scoring_system": "epss", "scoring_elements": "0.36925", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10024" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10024", "reference_id": "CVE-2019-10024", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10024" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10024" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s43w-xtc6-r7fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36482?format=api", "vulnerability_id": "VCID-s4uu-64gy-kkh4", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36561", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26845", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26885", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26789", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26748", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26691", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26699", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2667", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26629", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26573", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26565", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26492", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26359", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26429", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26484", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26413", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26508", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36561" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-36561" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4uu-64gy-kkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195304?format=api", "vulnerability_id": "VCID-srxr-dp8e-ryg8", "summary": "An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the \"multiple bytes per line\" case.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37266", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37055", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37062", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14289" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-srxr-dp8e-ryg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36496?format=api", "vulnerability_id": "VCID-t5np-6g2m-cbbv", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20452", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20535", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23891", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23961", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23905", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24306", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24092", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24203", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24221", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24179", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24123", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24124", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.241", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23975", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23962", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2381", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2663" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42421", "reference_id": "viewtopic.php?t=42421", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-24T16:02:53Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42421" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2663" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t5np-6g2m-cbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197087?format=api", "vulnerability_id": "VCID-tq94-kdgr-s7hw", "summary": "In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39231", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39137", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3916", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39645", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39667", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39639", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39654", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39663", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3961", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39632", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39549", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39369", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39271", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39147", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39212", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39228", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16115" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41872" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16115", "reference_id": "CVE-2019-16115", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16115" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-16115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tq94-kdgr-s7hw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191730?format=api", "vulnerability_id": "VCID-ttne-sgwp-k7bf", "summary": "An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38895", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.388", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38822", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39157", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39344", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39367", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39281", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39336", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39353", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39365", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39325", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39307", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39331", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39244", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39029", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3901", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38926", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38801", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38873", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38889", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10022" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41273" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10022", "reference_id": "CVE-2019-10022", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10022" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10022" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttne-sgwp-k7bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/278200?format=api", "vulnerability_id": "VCID-tz12-qj2j-rkfh", "summary": "XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38238", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1722", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17051", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17141", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17173", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17126", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17002", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17006", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17041", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16942", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16875", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16742", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16857", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16964", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.16935", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1697", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17056", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38238" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38238" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tz12-qj2j-rkfh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/266511?format=api", "vulnerability_id": "VCID-uakq-uh46-juec", "summary": "An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19762", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19954", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19643", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19671", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20012", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19871", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.1988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19754", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19767", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19662", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19656", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19622", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19514", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19596", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19681", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-48545" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092", "reference_id": "viewtopic.php?f=3&t=42092", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T14:16:19Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-48545" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uakq-uh46-juec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61624?format=api", "vulnerability_id": "VCID-ubtq-wukm-4fau", "summary": "Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39672", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3982", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39833", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39842", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39806", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3979", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3984", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39811", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39729", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39549", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39538", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39456", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39328", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39394", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39409", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39322", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39347", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39417", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25725" }, { "reference_url": "https://security.gentoo.org/glsa/202405-18", "reference_id": "GLSA-202405-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-25725" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubtq-wukm-4fau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/267261?format=api", "vulnerability_id": "VCID-uwft-v6jp-vkhg", "summary": "In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the \"UseCMap\" entry, leads to infinite recursion and a stack overflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11896", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00957", "published_at": "2026-05-14T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00844", "published_at": "2026-05-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0084", "published_at": "2026-05-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00949", "published_at": "2026-05-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00816", "published_at": "2026-04-02T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00817", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00819", "published_at": "2026-04-07T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00824", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.0081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00809", "published_at": "2026-04-18T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00852", "published_at": "2026-04-21T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00854", "published_at": "2026-05-05T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00855", "published_at": "2026-04-26T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00853", "published_at": "2026-04-29T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00849", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.xpdfreader.com/security-bug/object-loops.html", "reference_id": "object-loops.html", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-17T13:49:28Z/" } ], "url": "https://www.xpdfreader.com/security-bug/object-loops.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwft-v6jp-vkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36486?format=api", "vulnerability_id": "VCID-vbux-p4cd-a3f9", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56167", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56117", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56026", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56074", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56135", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56085", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56108", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56168", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5616", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56144", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56149", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56075", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56096", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56072", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41842" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.xpdfreader.com/download.html", "reference_id": "download.html", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:36:57Z/" } ], "url": "http://www.xpdfreader.com/download.html" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928", "reference_id": "viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T19:36:57Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-41842" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbux-p4cd-a3f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36493?format=api", "vulnerability_id": "VCID-vqwt-nqkf-fkd7", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12534", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12449", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12444", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1247", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12622", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12511", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12532", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12356", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1236", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12475", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12479", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12448", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12336", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12247", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12384", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42361", "reference_id": "viewtopic.php?t=42361", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-19T17:53:26Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42361" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-45587" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vqwt-nqkf-fkd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210388?format=api", "vulnerability_id": "VCID-vsn4-3wj4-tqba", "summary": "There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56603", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56517", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56541", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56566", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.5661", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56564", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56595", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56499", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56518", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56453", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56503", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9587" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9587", "reference_id": "CVE-2019-9587", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9587" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9587" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsn4-3wj4-tqba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/195305?format=api", "vulnerability_id": "VCID-w4js-d713-1ffu", "summary": "An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37459", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37579", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37592", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37572", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.3757", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37506", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37286", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37266", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37174", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37055", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37122", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37141", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37062", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37036", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-14290" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-14290" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4js-d713-1ffu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36481?format=api", "vulnerability_id": "VCID-wz2m-37h6-t7cv", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43058", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43183", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43247", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43268", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43236", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43221", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.4327", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43206", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43141", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43143", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43062", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.42927", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43003", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43023", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.42963", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.42993", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-33108" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-33108" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz2m-37h6-t7cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97514?format=api", "vulnerability_id": "VCID-xt1y-bytw-zfa7", "summary": "In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52505", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52463", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52424", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52418", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52462", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52448", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52988", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52981", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52888", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52882", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52933", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52926", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52976", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52944", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13283" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://usn.ubuntu.com/4646-1/", "reference_id": "USN-4646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13283" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xt1y-bytw-zfa7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36485?format=api", "vulnerability_id": "VCID-y38f-a865-fuae", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3609", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3602", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36596", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36466", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36517", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36537", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36544", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36509", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36486", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36529", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36512", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36456", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36228", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36198", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36111", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.35993", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36061", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36087", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.35997", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38928" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421", "reference_id": "viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-27T15:25:03Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-38928" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y38f-a865-fuae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/210391?format=api", "vulnerability_id": "VCID-y9t6-akg1-pqhz", "summary": "There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9588", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56603", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56541", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56447", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56566", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56545", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56596", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.566", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.5661", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56564", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56595", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56594", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56499", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56518", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56453", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56503", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00337", "scoring_system": "epss", "scoring_elements": "0.56517", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9588" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261", "reference_id": "", "reference_type": "", "scores": [], "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261" }, { "reference_url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9588", "reference_id": "CVE-2019-9588", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9588" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-9588" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y9t6-akg1-pqhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61629?format=api", "vulnerability_id": "VCID-ysst-cb32-t7dv", "summary": "Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43085", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43211", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43275", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43295", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43308", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43297", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43167", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43168", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43088", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.42955", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43033", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43051", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.42991", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43021", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27135" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202405-18", "reference_id": "GLSA-202405-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-27135" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ysst-cb32-t7dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/180211?format=api", "vulnerability_id": "VCID-yxrv-7mb5-ekfx", "summary": "An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18650", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39041", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39303", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39465", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39489", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39458", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39473", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39484", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3948", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39453", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39367", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39174", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39156", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39075", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38948", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39019", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39036", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38945", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.38968", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18650" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-18650" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yxrv-7mb5-ekfx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36497?format=api", "vulnerability_id": "VCID-z4s1-k1tj-13bf", "summary": "Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13229", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1671", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16725", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16661", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.1687", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16706", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16611", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.166", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16566", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16432", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16551", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16657", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16621", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16669", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00053", "scoring_system": "epss", "scoring_elements": "0.16926", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2664" }, { "reference_url": "https://security.gentoo.org/glsa/202409-25", "reference_id": "GLSA-202409-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-25" }, { "reference_url": "https://forum.xpdfreader.com/viewtopic.php?t=42422", "reference_id": "viewtopic.php?t=42422", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-23T21:22:45Z/" } ], "url": "https://forum.xpdfreader.com/viewtopic.php?t=42422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-2664" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z4s1-k1tj-13bf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31249?format=api", "vulnerability_id": "VCID-zn54-s7jz-ruh8", "summary": "Multiple vulnerabilities have been found in Poppler, some of which\n may allow execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4654.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4654.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2010-4654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2010-4654" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64662", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64608", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64396", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6445", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6448", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64488", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64504", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64519", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64479", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64525", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64517", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64538", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6455", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64524", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6457", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64615", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.64586", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4654" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201310-03.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201310-03.xml" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2010-4654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2010-4654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=672181", "reference_id": "672181", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672181" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4654", "reference_id": "CVE-2010-4654", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4654" }, { "reference_url": "https://security.gentoo.org/glsa/201310-03", "reference_id": "GLSA-201310-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/943618?format=api", "purl": "pkg:deb/debian/xpdf@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943610?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20210103-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20210103-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943608?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20220601-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20220601-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943612?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20250304-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20250304-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/943611?format=api", "purl": "pkg:deb/debian/xpdf@3.04%2Bgit20260220-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@3.04%252Bgit20260220-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-4654" ], "risk_score": 4.2, "exploitability": "0.5", "weighted_severity": "8.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zn54-s7jz-ruh8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/xpdf@0%3Fdistro=trixie" }