{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"newlib","version":"3.3.0-1.3+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.4.0.20231231-2","latest_non_vulnerable_version":"4.6.0.20260123-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74293?format=json","vulnerability_id":"VCID-cztw-ay3e-cfeq","summary":"newlib: arbitrary code execution via the time unit scaling in the _gettimeofday function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30949.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30949","reference_id":"","reference_type":"","scores":[{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71987","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71929","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71933","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.7193","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71921","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71956","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71821","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.7184","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71813","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71852","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71863","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71869","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.71895","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.719","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949"},{"reference_url":"https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/","reference_id":"20231129035714.469943-1-visitorckw%40gmail.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2306118","reference_id":"2306118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2306118"},{"reference_url":"https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661","reference_id":"6b26e599241ea80210ea136b28441661","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661"},{"reference_url":"https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4","reference_id":"?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931884?format=json","purl":"pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2024-30949"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cztw-ay3e-cfeq"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94034?format=json","vulnerability_id":"VCID-4z5d-zj37-yfcc","summary":"The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64491","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64401","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64446","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64276","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64334","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64363","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64321","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6437","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64397","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64391","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64393","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64414","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64427","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14871","reference_id":"CVE-2019-14871","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14871"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14871"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4z5d-zj37-yfcc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94035?format=json","vulnerability_id":"VCID-6y3x-44kq-wkgt","summary":"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61705","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61596","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61645","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6149","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61564","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61612","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61626","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61647","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61658","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61663","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61648","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6165","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14872","reference_id":"CVE-2019-14872","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14872"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6y3x-44kq-wkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94039?format=json","vulnerability_id":"VCID-8y56-twub-8kfu","summary":"In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14876","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3935","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39155","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39138","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39057","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.38929","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39473","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39457","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.3943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39413","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39464","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39436","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60817","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14876"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14876","reference_id":"CVE-2019-14876","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14876"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8y56-twub-8kfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94038?format=json","vulnerability_id":"VCID-c26b-vetm-y3ak","summary":"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60817","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14875","reference_id":"CVE-2019-14875","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14875"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14875"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c26b-vetm-y3ak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94036?format=json","vulnerability_id":"VCID-ecf9-k21a-t3c8","summary":"In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60817","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14873","reference_id":"CVE-2019-14873","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14873"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecf9-k21a-t3c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94041?format=json","vulnerability_id":"VCID-k2zw-2gbs-eugx","summary":"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54107","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54051","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54049","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54026","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54104","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5411","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5406","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14878","reference_id":"CVE-2019-14878","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14878"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14878"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2zw-2gbs-eugx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94037?format=json","vulnerability_id":"VCID-n637-g4ee-tuhz","summary":"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60817","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6076","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60713","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.6068","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60767","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60754","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60782","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60755","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.60768","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14874","reference_id":"CVE-2019-14874","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14874"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n637-g4ee-tuhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94040?format=json","vulnerability_id":"VCID-nsa5-ccpm-pufk","summary":"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54107","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54009","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54051","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54005","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54023","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54049","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54026","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54104","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54087","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.54126","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5413","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5411","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5406","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877"},{"reference_url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/","reference_id":"","reference_type":"","scores":[],"url":"https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:newlib_project:newlib:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14877","reference_id":"CVE-2019-14877","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14877"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14877"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsa5-ccpm-pufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94794?format=json","vulnerability_id":"VCID-pw8g-an3z-jydv","summary":"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33445","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33977","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33962","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33931","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33558","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33537","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33453","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33337","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33404","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39815","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39838","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39759","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39814","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39837","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39666","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446","reference_id":"984446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931884?format=json","purl":"pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3420"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pw8g-an3z-jydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58946?format=json","vulnerability_id":"VCID-uzg5-a999-afhp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2305.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305","reference_id":"","reference_type":"","scores":[{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.9652","published_at":"2026-04-04T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96532","published_at":"2026-04-08T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96534","published_at":"2026-04-09T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96537","published_at":"2026-04-12T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.9654","published_at":"2026-04-13T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96546","published_at":"2026-04-16T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96552","published_at":"2026-04-18T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96555","published_at":"2026-04-26T12:55:00Z"},{"value":"0.28664","scoring_system":"epss","scoring_elements":"0.96556","published_at":"2026-04-24T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-04-29T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96913","published_at":"2026-05-05T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96917","published_at":"2026-05-07T12:55:00Z"},{"value":"0.32919","scoring_system":"epss","scoring_elements":"0.96924","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049","reference_id":"1191049","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191049"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397","reference_id":"778397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402","reference_id":"778402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406","reference_id":"778406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408","reference_id":"778408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409","reference_id":"778409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412","reference_id":"778412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1053","reference_id":"RHSA-2015:1053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1066","reference_id":"RHSA-2015:1066","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1066"},{"reference_url":"https://usn.ubuntu.com/2572-1/","reference_id":"USN-2572-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2572-1/"},{"reference_url":"https://usn.ubuntu.com/2594-1/","reference_id":"USN-2594-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2594-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/931880?format=json","purl":"pkg:deb/debian/newlib@2.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931881?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"},{"vulnerability":"VCID-pw8g-an3z-jydv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931879?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-cztw-ay3e-cfeq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931882?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/931883?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2305"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uzg5-a999-afhp"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"}