System	Score	Found at
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36978.json
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2021-36978
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2021-36978
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2021-36978
ssvc	Track	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
ssvc	Track	https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
ssvc	Track	https://github.com/qpdf/qpdf/issues/492
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html
ssvc	Track	https://security.gentoo.org/glsa/202401-20

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36978.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-36978
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36978
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1984609		https://bugzilla.redhat.com/show_bug.cgi?id=1984609
202401-20		https://security.gentoo.org/glsa/202401-20
492		https://github.com/qpdf/qpdf/issues/492
dc92574c10f3e2516ec6445b88c5d584f40df4e5		https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5
detail?id=28262		https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262
msg00037.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html
OSV-2020-2245.yaml		https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml
USN-5026-1		https://usn.ubuntu.com/5026-1/
USN-5026-2		https://usn.ubuntu.com/5026-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36978.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262

---

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml

---

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5

---

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://github.com/qpdf/qpdf/issues/492

---

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html

---

---

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:38Z/ Found at https://security.gentoo.org/glsa/202401-20

---

Percentile	0.23468
EPSS Score	0.00079
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:08:11.456230+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0