Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-c26b-vetm-y3ak
SummaryIn the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.
Aliases
0
alias CVE-2019-14875
Fixed_packages
0
url pkg:deb/debian/newlib@3.3.0-1?distro=trixie
purl pkg:deb/debian/newlib@3.3.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie
1
url pkg:deb/debian/newlib@3.3.0-1
purl pkg:deb/debian/newlib@3.3.0-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
1
vulnerability VCID-pw8g-an3z-jydv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1
2
url pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cztw-ay3e-cfeq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
purl pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie
4
url pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
purl pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie
5
url pkg:deb/debian/picolibc@0?distro=trixie
purl pkg:deb/debian/picolibc@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@0%3Fdistro=trixie
6
url pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
purl pkg:deb/debian/picolibc@1.5.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.5.1-2%3Fdistro=trixie
7
url pkg:deb/debian/picolibc@1.8-1?distro=trixie
purl pkg:deb/debian/picolibc@1.8-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8-1%3Fdistro=trixie
8
url pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-2%3Fdistro=trixie
9
url pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
purl pkg:deb/debian/picolibc@1.8.10-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.10-3%3Fdistro=trixie
10
url pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
purl pkg:deb/debian/picolibc@1.8.11-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/picolibc@1.8.11-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/newlib@1.12.0.20041202-4
purl pkg:deb/debian/newlib@1.12.0.20041202-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
8
vulnerability VCID-uzg5-a999-afhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.12.0.20041202-4
1
url pkg:deb/debian/newlib@1.14.0-2
purl pkg:deb/debian/newlib@1.14.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
8
vulnerability VCID-uzg5-a999-afhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.14.0-2
2
url pkg:deb/debian/newlib@1.16.0-2
purl pkg:deb/debian/newlib@1.16.0-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
8
vulnerability VCID-uzg5-a999-afhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.16.0-2
3
url pkg:deb/debian/newlib@1.18.0-6.1
purl pkg:deb/debian/newlib@1.18.0-6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
8
vulnerability VCID-uzg5-a999-afhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.18.0-6.1
4
url pkg:deb/debian/newlib@1.18.0-6.2
purl pkg:deb/debian/newlib@1.18.0-6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
8
vulnerability VCID-uzg5-a999-afhp
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@1.18.0-6.2
5
url pkg:deb/debian/newlib@2.1.0%2Bgit20140818.1a8323b-2
purl pkg:deb/debian/newlib@2.1.0%2Bgit20140818.1a8323b-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.1.0%252Bgit20140818.1a8323b-2
6
url pkg:deb/debian/newlib@2.1.0%2Bgit20141201.db59ff3-2~bpo8%2B1
purl pkg:deb/debian/newlib@2.1.0%2Bgit20141201.db59ff3-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.1.0%252Bgit20141201.db59ff3-2~bpo8%252B1
7
url pkg:deb/debian/newlib@2.4.0.20160527-2
purl pkg:deb/debian/newlib@2.4.0.20160527-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.4.0.20160527-2
8
url pkg:deb/debian/newlib@3.1.0.20181231-1
purl pkg:deb/debian/newlib@3.1.0.20181231-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4z5d-zj37-yfcc
1
vulnerability VCID-6y3x-44kq-wkgt
2
vulnerability VCID-8y56-twub-8kfu
3
vulnerability VCID-c26b-vetm-y3ak
4
vulnerability VCID-ecf9-k21a-t3c8
5
vulnerability VCID-k2zw-2gbs-eugx
6
vulnerability VCID-n637-g4ee-tuhz
7
vulnerability VCID-nsa5-ccpm-pufk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.1.0.20181231-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60755
published_at 2026-04-24T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60778
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60782
published_at 2026-04-18T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60605
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.6068
published_at 2026-04-07T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60709
published_at 2026-04-04T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60728
published_at 2026-04-08T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60743
published_at 2026-04-09T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60767
published_at 2026-04-21T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60754
published_at 2026-04-12T12:55:00Z
10
value 0.00401
scoring_system epss
scoring_elements 0.60735
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14875
1
reference_url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
reference_id
reference_type
scores
url https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
reference_id CVE-2019-14875
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-14875
Weaknesses
0
cwe_id 476
name NULL Pointer Dereference
description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Exploits
Severity_range_score4.0 - 6.5
Exploitability0.5
Weighted_severity5.9
Risk_score3.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak