VulnerableCode Package Details - pkg:deb/debian/picolibc@1.4.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4z5d-zj37-yfcc	The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).	CVE-2019-14871
VCID-6y3x-44kq-wkgt	The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.	CVE-2019-14872
VCID-ecf9-k21a-t3c8	In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.	CVE-2019-14873
VCID-k2zw-2gbs-eugx	In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.	CVE-2019-14878
VCID-n637-g4ee-tuhz	In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.	CVE-2019-14874
VCID-nsa5-ccpm-pufk	In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.	CVE-2019-14877

Vulnerability

Summary

Aliases

VCID-4z5d-zj37-yfcc

The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).

CVE-2019-14871

VCID-6y3x-44kq-wkgt

The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.

CVE-2019-14872

VCID-ecf9-k21a-t3c8

In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.

CVE-2019-14873

VCID-k2zw-2gbs-eugx

In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.

CVE-2019-14878

VCID-n637-g4ee-tuhz

In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.

CVE-2019-14874

VCID-nsa5-ccpm-pufk

In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.

CVE-2019-14877

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:49:51.422646+00:00	Debian Importer	Fixing	VCID-4z5d-zj37-yfcc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:41:14.762394+00:00	Debian Importer	Fixing	VCID-k2zw-2gbs-eugx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:40:34.148313+00:00	Debian Importer	Fixing	VCID-nsa5-ccpm-pufk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:51:29.391602+00:00	Debian Importer	Fixing	VCID-n637-g4ee-tuhz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:12:47.773332+00:00	Debian Importer	Fixing	VCID-6y3x-44kq-wkgt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:43.179096+00:00	Debian Importer	Fixing	VCID-ecf9-k21a-t3c8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:48:17.192803+00:00	Debian Importer	Fixing	VCID-4z5d-zj37-yfcc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:13:47.644588+00:00	Debian Importer	Fixing	VCID-k2zw-2gbs-eugx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:13:16.183725+00:00	Debian Importer	Fixing	VCID-nsa5-ccpm-pufk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:35:26.848617+00:00	Debian Importer	Fixing	VCID-n637-g4ee-tuhz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:09:50.041100+00:00	Debian Importer	Fixing	VCID-6y3x-44kq-wkgt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:07:59.637272+00:00	Debian Importer	Fixing	VCID-ecf9-k21a-t3c8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:57.682609+00:00	Debian Importer	Fixing	VCID-k2zw-2gbs-eugx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:57.635043+00:00	Debian Importer	Fixing	VCID-nsa5-ccpm-pufk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:57.528727+00:00	Debian Importer	Fixing	VCID-n637-g4ee-tuhz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:57.481247+00:00	Debian Importer	Fixing	VCID-ecf9-k21a-t3c8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:57.433578+00:00	Debian Importer	Fixing	VCID-6y3x-44kq-wkgt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:57.381644+00:00	Debian Importer	Fixing	VCID-4z5d-zj37-yfcc	https://security-tracker.debian.org/tracker/data/json	38.1.0