Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/picolibc@1.8.10-3?distro=trixie
Typedeb
Namespacedebian
Namepicolibc
Version1.8.10-3
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.8.11-2
Latest_non_vulnerable_version1.8.11-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4z5d-zj37-yfcc
vulnerability_id VCID-4z5d-zj37-yfcc
summary The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
reference_id
reference_type
scores
0
value 0.00465
scoring_system epss
scoring_elements 0.64414
published_at 2026-04-24T12:55:00Z
1
value 0.00465
scoring_system epss
scoring_elements 0.64402
published_at 2026-04-18T12:55:00Z
2
value 0.00465
scoring_system epss
scoring_elements 0.64393
published_at 2026-04-21T12:55:00Z
3
value 0.00465
scoring_system epss
scoring_elements 0.64276
published_at 2026-04-01T12:55:00Z
4
value 0.00465
scoring_system epss
scoring_elements 0.64334
published_at 2026-04-02T12:55:00Z
5
value 0.00465
scoring_system epss
scoring_elements 0.64363
published_at 2026-04-04T12:55:00Z
6
value 0.00465
scoring_system epss
scoring_elements 0.64321
published_at 2026-04-07T12:55:00Z
7
value 0.00465
scoring_system epss
scoring_elements 0.6437
published_at 2026-04-08T12:55:00Z
8
value 0.00465
scoring_system epss
scoring_elements 0.64384
published_at 2026-04-12T12:55:00Z
9
value 0.00465
scoring_system epss
scoring_elements 0.64397
published_at 2026-04-11T12:55:00Z
10
value 0.00465
scoring_system epss
scoring_elements 0.64355
published_at 2026-04-13T12:55:00Z
11
value 0.00465
scoring_system epss
scoring_elements 0.64391
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14871
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
reference_id CVE-2019-14871
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14871
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14871
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc
1
url VCID-6y3x-44kq-wkgt
vulnerability_id VCID-6y3x-44kq-wkgt
summary The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.6164
published_at 2026-04-24T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61663
published_at 2026-04-18T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61648
published_at 2026-04-21T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.6149
published_at 2026-04-01T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61564
published_at 2026-04-07T12:55:00Z
5
value 0.00414
scoring_system epss
scoring_elements 0.61593
published_at 2026-04-04T12:55:00Z
6
value 0.00414
scoring_system epss
scoring_elements 0.61612
published_at 2026-04-08T12:55:00Z
7
value 0.00414
scoring_system epss
scoring_elements 0.61626
published_at 2026-04-09T12:55:00Z
8
value 0.00414
scoring_system epss
scoring_elements 0.61647
published_at 2026-04-11T12:55:00Z
9
value 0.00414
scoring_system epss
scoring_elements 0.61636
published_at 2026-04-12T12:55:00Z
10
value 0.00414
scoring_system epss
scoring_elements 0.61616
published_at 2026-04-13T12:55:00Z
11
value 0.00414
scoring_system epss
scoring_elements 0.61658
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14872
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
reference_id CVE-2019-14872
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14872
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14872
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt
2
url VCID-c26b-vetm-y3ak
vulnerability_id VCID-c26b-vetm-y3ak
summary In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60755
published_at 2026-04-24T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
10
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
reference_id CVE-2019-14875
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
fixed_packages
0
url pkg:deb/debian/picolibc@0?distro=trixie
purl pkg:deb/debian/picolibc@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@0%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14875
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak
3
url VCID-ecf9-k21a-t3c8
vulnerability_id VCID-ecf9-k21a-t3c8
summary In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60755
published_at 2026-04-24T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
10
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14873
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
reference_id CVE-2019-14873
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14873
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14873
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8
4
url VCID-k2zw-2gbs-eugx
vulnerability_id VCID-k2zw-2gbs-eugx
summary In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-24T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14878
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
reference_id CVE-2019-14878
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14878
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14878
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx
5
url VCID-n637-g4ee-tuhz
vulnerability_id VCID-n637-g4ee-tuhz
summary In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60755
published_at 2026-04-24T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
10
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14874
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
reference_id CVE-2019-14874
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14874
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14874
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz
6
url VCID-nsa5-ccpm-pufk
vulnerability_id VCID-nsa5-ccpm-pufk
summary In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
reference_id
reference_type
scores
0
value 0.00309
scoring_system epss
scoring_elements 0.5411
published_at 2026-04-21T12:55:00Z
1
value 0.00309
scoring_system epss
scoring_elements 0.54126
published_at 2026-04-16T12:55:00Z
2
value 0.00309
scoring_system epss
scoring_elements 0.5413
published_at 2026-04-18T12:55:00Z
3
value 0.00309
scoring_system epss
scoring_elements 0.54005
published_at 2026-04-01T12:55:00Z
4
value 0.00309
scoring_system epss
scoring_elements 0.54023
published_at 2026-04-02T12:55:00Z
5
value 0.00309
scoring_system epss
scoring_elements 0.54049
published_at 2026-04-04T12:55:00Z
6
value 0.00309
scoring_system epss
scoring_elements 0.54026
published_at 2026-04-07T12:55:00Z
7
value 0.00309
scoring_system epss
scoring_elements 0.54078
published_at 2026-04-08T12:55:00Z
8
value 0.00309
scoring_system epss
scoring_elements 0.54076
published_at 2026-04-24T12:55:00Z
9
value 0.00309
scoring_system epss
scoring_elements 0.54122
published_at 2026-04-11T12:55:00Z
10
value 0.00309
scoring_system epss
scoring_elements 0.54104
published_at 2026-04-12T12:55:00Z
11
value 0.00309
scoring_system epss
scoring_elements 0.54087
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14877
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
reference_id CVE-2019-14877
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14877
fixed_packages
0
url pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
purl pkg:deb/debian/picolibc@1.4.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.4.3-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2019-14877
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk
7
url VCID-pw8g-an3z-jydv
vulnerability_id VCID-pw8g-an3z-jydv
summary A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3420
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33939
published_at 2026-04-13T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.33977
published_at 2026-04-16T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33962
published_at 2026-04-18T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33931
published_at 2026-04-21T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33558
published_at 2026-04-24T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39828
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39666
published_at 2026-04-01T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39801
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39837
published_at 2026-04-11T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39815
published_at 2026-04-02T12:55:00Z
10
value 0.00181
scoring_system epss
scoring_elements 0.39838
published_at 2026-04-04T12:55:00Z
11
value 0.00181
scoring_system epss
scoring_elements 0.39759
published_at 2026-04-07T12:55:00Z
12
value 0.00181
scoring_system epss
scoring_elements 0.39814
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3420
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446
reference_id 984446
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446
fixed_packages
0
url pkg:deb/debian/picolibc@1.5-1?distro=trixie
purl pkg:deb/debian/picolibc@1.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5-1%3Fdistro=trixie
1
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
2
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
3
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
4
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
aliases CVE-2021-3420
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw8g-an3z-jydv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie