{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"newlib","version":"3.3.0-1.3+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.4.0.20231231-2","latest_non_vulnerable_version":"4.6.0.20260123-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33071?format=json","vulnerability_id":"VCID-5cs8-qn64-yyc8","summary":"An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30949","reference_id":"","reference_type":"","scores":[{"value":"0.00693","scoring_system":"epss","scoring_elements":"0.72342","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30949"},{"reference_url":"https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/","reference_id":"20231129035714.469943-1-visitorckw%40gmail.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://inbox.sourceware.org/newlib/20231129035714.469943-1-visitorckw%40gmail.com/"},{"reference_url":"https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661","reference_id":"6b26e599241ea80210ea136b28441661","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Tr
ack","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://gist.github.com/visitorckw/6b26e599241ea80210ea136b28441661"},{"reference_url":"https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4","reference_id":"?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-20T17:35:37Z/"}],"url":"https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=5f15d7c5817b07a6b18cbab17342c95cb7b42be4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95986?format=json","purl":"pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2024-30949"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cs8-qn64-yyc8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206908?format=json"
,"vulnerability_id":"VCID-1119-ucwn-73ce","summary":"In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5448","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14877"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packag
es/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14877"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1119-ucwn-73ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206901?format=json","vulnerability_id":"VCID-42wt-jbth-sbe4","summary":"In the __multadd function of the newlib libc library, in versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14873"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5c
s8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14873"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42wt-jbth-sbe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114232?format=json","vulnerability_id":"VCID-arr4-bt1m-akff","summary":"security 
update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305","reference_id":"","reference_type":"","scores":[{"value":"0.22421","scoring_system":"epss","scoring_elements":"0.95959","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2305"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397","reference_id":"778397","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778397"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402","reference_id":"778402","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406","reference_i
d":"778406","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778406"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408","reference_id":"778408","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778408"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409","reference_id":"778409","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778409"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412","reference_id":"778412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778412"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95982?format=json","purl":"pkg:deb/debian/newlib@2.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@2.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.
0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2015-2305"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arr4-bt1m-akff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208582?format=json","vulnerability_id":"VCID-b4tm-fyzg-sube","summary":"A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33676","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3420"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446","reference_id":"984446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984446"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb
12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95986?format=json","purl":"pkg:deb/debian/newlib@4.4.0.20231231-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.4.0.20231231-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2021-3420"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4tm-fyzg-sube"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206904?format=json","vulnerability_id":"VCID-j9n1-pu32-1bb7","summary":"In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. 
The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14875"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14875"],"risk_sc
ore":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j9n1-pu32-1bb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206906?format=json","vulnerability_id":"VCID-rtd2-ufby-rbek","summary":"In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14876","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vu
lnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14876"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtd2-ufby-rbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206899?format=json","vulnerability_id":"VCID-sqh9-y9n5-tqdk","summary":"The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.62056","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?di
stro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14872"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqh9-y9n5-tqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206909?format=json","vulnerability_id":"VCID-vb6c-rwm9-53cx","summary":"In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. 
Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878","reference_id":"","reference_type":"","scores":[{"value":"0.00309","scoring_system":"epss","scoring_elements":"0.5448","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14878"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14878"],"risk_score":nul
l,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb6c-rwm9-53cx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206898?format=json","vulnerability_id":"VCID-y62r-g1g8-1fgg","summary":"The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64811","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14871"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[
],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14871"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y62r-g1g8-1fgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206903?format=json","vulnerability_id":"VCID-ypqg-d596-jbbg","summary":"In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation 
failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14874"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14874"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95983?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"},{"vulnerability":"VCID-b4tm-fyzg-sube"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95981?format=json","purl":"pkg:deb/debian/newlib@3.3.0-1.3%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cs8-qn64-yyc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95985?format=json","purl":"pkg:deb/debian/newlib@4.5.0.20241231-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.5.0.20241231-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95984?format=json","purl":"pkg:deb/debian/newlib@4.6.0.20260123-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@4.6.0.20260123-2%3Fdistro=trixie"}],"aliases":["CVE-2019-14874"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnera
blecode.io/vulnerabilities/VCID-ypqg-d596-jbbg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/newlib@3.3.0-1.3%252Bdeb12u1%3Fdistro=trixie"}