Search for packages
Package details: pkg:deb/debian/poco@1.3.2%2Bdfsg1-3
purl pkg:deb/debian/poco@1.3.2%2Bdfsg1-3
Next non-vulnerable version 1.11.0-3+deb12u1
Latest non-vulnerable version 1.11.0-3+deb12u1
Risk 4.4
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-2hwq-3m7g-zqc3
Aliases:
CVE-2017-1000472
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".
1.3.6p1-5+deb8u1
Affected by 2 other vulnerabilities.
1.7.6+dfsg1-5+deb9u1
Affected by 2 other vulnerabilities.
1.9.0-5
Affected by 1 other vulnerability.
VCID-cjbk-v93c-hyav
Aliases:
CVE-2009-3560
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.
1.3.6p1-1
Affected by 3 other vulnerabilities.
VCID-decx-ng47-vfcr
Aliases:
CVE-2009-3720
A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.
1.3.6p1-1
Affected by 3 other vulnerabilities.
VCID-hdwd-hc19-87ab
Aliases:
CVE-2014-0350
1.3.6p1-5
Affected by 2 other vulnerabilities.
VCID-u913-q8q7-aqev
Aliases:
CVE-2023-52389
Integer Overflow or Wraparound UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
1.11.0-3+deb12u1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T19:05:52.055055+00:00 Debian Oval Importer Affected by VCID-2hwq-3m7g-zqc3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:40:03.094607+00:00 Debian Oval Importer Affected by VCID-cjbk-v93c-hyav https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:22:52.572013+00:00 Debian Oval Importer Affected by VCID-hdwd-hc19-87ab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:02:52.598559+00:00 Debian Oval Importer Affected by VCID-u913-q8q7-aqev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:26:03.446189+00:00 Debian Oval Importer Affected by VCID-decx-ng47-vfcr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:06:53.721937+00:00 Debian Oval Importer Affected by VCID-2hwq-3m7g-zqc3 https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 37.0.0
2025-08-01T10:17:25.346350+00:00 Debian Oval Importer Affected by VCID-2hwq-3m7g-zqc3 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 37.0.0