Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/newlib@1.18.0-6.1
Type deb
Namespace debian
Name newlib
Version 1.18.0-6.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.4.0.20231231-4
Latest_non_vulnerable_version 4.4.0.20231231-4
Affected_by_vulnerabilities
0
url VCID-4z5d-zj37-yfcc
vulnerability_id VCID-4z5d-zj37-yfcc
summary The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
reference_id
reference_type
scores
0
value 0.00465
scoring_system epss
scoring_elements 0.64393
published_at 2026-04-21T12:55:00Z
1
value 0.00465
scoring_system epss
scoring_elements 0.64391
published_at 2026-04-16T12:55:00Z
2
value 0.00465
scoring_system epss
scoring_elements 0.64402
published_at 2026-04-18T12:55:00Z
3
value 0.00465
scoring_system epss
scoring_elements 0.64276
published_at 2026-04-01T12:55:00Z
4
value 0.00465
scoring_system epss
scoring_elements 0.64334
published_at 2026-04-02T12:55:00Z
5
value 0.00465
scoring_system epss
scoring_elements 0.64363
published_at 2026-04-04T12:55:00Z
6
value 0.00465
scoring_system epss
scoring_elements 0.64321
published_at 2026-04-07T12:55:00Z
7
value 0.00465
scoring_system epss
scoring_elements 0.6437
published_at 2026-04-08T12:55:00Z
8
value 0.00465
scoring_system epss
scoring_elements 0.64384
published_at 2026-04-12T12:55:00Z
9
value 0.00465
scoring_system epss
scoring_elements 0.64397
published_at 2026-04-11T12:55:00Z
10
value 0.00465
scoring_system epss
scoring_elements 0.64355
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
reference_id CVE-2019-14871
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14871
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc
1
url VCID-6y3x-44kq-wkgt
vulnerability_id VCID-6y3x-44kq-wkgt
summary The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61648
published_at 2026-04-21T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61658
published_at 2026-04-16T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61663
published_at 2026-04-18T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.6149
published_at 2026-04-01T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61564
published_at 2026-04-07T12:55:00Z
5
value 0.00414
scoring_system epss
scoring_elements 0.61593
published_at 2026-04-04T12:55:00Z
6
value 0.00414
scoring_system epss
scoring_elements 0.61612
published_at 2026-04-08T12:55:00Z
7
value 0.00414
scoring_system epss
scoring_elements 0.61626
published_at 2026-04-09T12:55:00Z
8
value 0.00414
scoring_system epss
scoring_elements 0.61647
published_at 2026-04-11T12:55:00Z
9
value 0.00414
scoring_system epss
scoring_elements 0.61636
published_at 2026-04-12T12:55:00Z
10
value 0.00414
scoring_system epss
scoring_elements 0.61616
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
reference_id CVE-2019-14872
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14872
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt
2
url VCID-8y56-twub-8kfu
vulnerability_id VCID-8y56-twub-8kfu
summary In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14876
reference_id
reference_type
scores
0
value 0.00178
scoring_system epss
scoring_elements 0.3935
published_at 2026-04-21T12:55:00Z
1
value 0.00178
scoring_system epss
scoring_elements 0.39464
published_at 2026-04-16T12:55:00Z
2
value 0.00178
scoring_system epss
scoring_elements 0.39436
published_at 2026-04-18T12:55:00Z
3
value 0.00178
scoring_system epss
scoring_elements 0.39283
published_at 2026-04-01T12:55:00Z
4
value 0.00178
scoring_system epss
scoring_elements 0.39448
published_at 2026-04-02T12:55:00Z
5
value 0.00178
scoring_system epss
scoring_elements 0.39473
published_at 2026-04-04T12:55:00Z
6
value 0.00178
scoring_system epss
scoring_elements 0.39386
published_at 2026-04-07T12:55:00Z
7
value 0.00178
scoring_system epss
scoring_elements 0.39442
published_at 2026-04-08T12:55:00Z
8
value 0.00178
scoring_system epss
scoring_elements 0.39457
published_at 2026-04-09T12:55:00Z
9
value 0.00178
scoring_system epss
scoring_elements 0.39468
published_at 2026-04-11T12:55:00Z
10
value 0.00178
scoring_system epss
scoring_elements 0.3943
published_at 2026-04-12T12:55:00Z
11
value 0.00178
scoring_system epss
scoring_elements 0.39413
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14876
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14876
reference_id CVE-2019-14876
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14876
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14876
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8y56-twub-8kfu
3
url VCID-c26b-vetm-y3ak
vulnerability_id VCID-c26b-vetm-y3ak
summary In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
reference_id CVE-2019-14875
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14875
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak
4
url VCID-ecf9-k21a-t3c8
vulnerability_id VCID-ecf9-k21a-t3c8
summary In the __multadd function of the newlib libc library, prior to version 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
reference_id CVE-2019-14873
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14873
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8
5
url VCID-k2zw-2gbs-eugx
vulnerability_id VCID-k2zw-2gbs-eugx
summary In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-09T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
reference_id CVE-2019-14878
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14878
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx
6
url VCID-n637-g4ee-tuhz
vulnerability_id VCID-n637-g4ee-tuhz
summary In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
reference_id CVE-2019-14874
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14874
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz
7
url VCID-nsa5-ccpm-pufk
vulnerability_id VCID-nsa5-ccpm-pufk
summary In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-09T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
reference_id CVE-2019-14877
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
aliases CVE-2019-14877
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk
8
url VCID-uzg5-a999-afhp
vulnerability_id VCID-uzg5-a999-afhp
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-2305
reference_id
reference_type
scores
0
value 0.28664
scoring_system epss
scoring_elements 0.96506
published_at 2026-04-01T12:55:00Z
1
value 0.28664
scoring_system epss
scoring_elements 0.96515
published_at 2026-04-02T12:55:00Z
2
value 0.28664
scoring_system epss
scoring_elements 0.9652
published_at 2026-04-04T12:55:00Z
3
value 0.28664
scoring_system epss
scoring_elements 0.96524
published_at 2026-04-07T12:55:00Z
4
value 0.28664
scoring_system epss
scoring_elements 0.96532
published_at 2026-04-08T12:55:00Z
5
value 0.28664
scoring_system epss
scoring_elements 0.96534
published_at 2026-04-09T12:55:00Z
6
value 0.28664
scoring_system epss
scoring_elements 0.96537
published_at 2026-04-12T12:55:00Z
7
value 0.28664
scoring_system epss
scoring_elements 0.9654
published_at 2026-04-13T12:55:00Z
8
value 0.28664
scoring_system epss
scoring_elements 0.96546
published_at 2026-04-16T12:55:00Z
9
value 0.28664
scoring_system epss
scoring_elements 0.96552
published_at 2026-04-18T12:55:00Z
10
value 0.28664
scoring_system epss
scoring_elements 0.96555
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-2305
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1191049
reference_id 1191049
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1191049
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397
reference_id 778397
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402
reference_id 778402
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406
reference_id 778406
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408
reference_id 778408
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409
reference_id 778409
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412
reference_id 778412
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412
15
reference_url https://access.redhat.com/errata/RHSA-2015:1053
reference_id RHSA-2015:1053
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1053
16
reference_url https://access.redhat.com/errata/RHSA-2015:1066
reference_id RHSA-2015:1066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:1066
17
reference_url https://usn.ubuntu.com/2572-1/
reference_id USN-2572-1
reference_type
scores
url https://usn.ubuntu.com/2572-1/
18
reference_url https://usn.ubuntu.com/2594-1/
reference_id USN-2594-1
reference_type
scores
url https://usn.ubuntu.com/2594-1/
fixed_packages
0
url pkg:deb/debian/newlib@2.1.0%2Bgit20140818.1a8323b-2
purl pkg:deb/debian/newlib@2.1.0%2Bgit20140818.1a8323b-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.1.0%252Bgit20140818.1a8323b-2
aliases CVE-2015-2305
risk_score 0.1
exploitability 0.5
weighted_severity 0.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uzg5-a999-afhp
Fixing_vulnerabilities
Risk_score 3.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.18.0-6.1