CVE-2019-14872
- CVSS 3.1 base score: 6.5 (MEDIUM)
- EPSS: 0.41%
Description
The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.
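The defect class described above is an allocation whose result is used without being checked, so that an out-of-memory condition becomes a NULL pointer dereference instead of a reported error. The following is an added illustration written for this page, not newlib's `_dtoa_r` or any code from the project: a small digit-formatting routine that, like `_dtoa_r`, performs two allocations, shown in an unchecked form beside a hardened form that checks each allocation and releases the first buffer when the second fails. The `xalloc` hook and `set_alloc_failure` are constructed test scaffolding that let the hardened path be exercised under simulated allocation failure.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocator hook (not newlib's Balloc): counts calls and can be
 * told to return NULL on the Nth call so failure paths can be tested. */
static int alloc_calls = 0;
static int fail_on_call = 0;   /* 0 means never fail */

void set_alloc_failure(int call_index) {
    alloc_calls = 0;
    fail_on_call = call_index;
}

static void *xalloc(size_t n) {
    alloc_calls++;
    if (fail_on_call != 0 && alloc_calls == fail_on_call)
        return NULL;
    return malloc(n);
}

/* Unchecked pattern (the defect class): both allocation results are written
 * to immediately. Under memory pressure the first line that touches a NULL
 * buffer crashes the process. Only called here with a working allocator. */
char *format_uint_unchecked(unsigned long v) {
    char *scratch = xalloc(32);
    size_t n = 0;
    do { scratch[n++] = (char)('0' + v % 10); v /= 10; } while (v != 0);
    char *out = xalloc(n + 1);
    for (size_t i = 0; i < n; i++) out[i] = scratch[n - 1 - i];
    out[n] = '\0';
    free(scratch);
    return out;
}

/* Hardened pattern: every allocation is checked, and a failure of the second
 * allocation frees the first buffer before reporting the error as NULL. */
char *format_uint_checked(unsigned long v) {
    char *scratch = xalloc(32);
    if (scratch == NULL)
        return NULL;                       /* first allocation failed */
    size_t n = 0;
    do { scratch[n++] = (char)('0' + v % 10); v /= 10; } while (v != 0);
    char *out = xalloc(n + 1);
    if (out == NULL) {                     /* second allocation failed */
        free(scratch);                     /* do not leak the scratch buffer */
        return NULL;
    }
    for (size_t i = 0; i < n; i++) out[i] = scratch[n - 1 - i];
    out[n] = '\0';
    free(scratch);
    return out;
}

/* Helper: 1 if the checked formatter produces `expected` for `v` with a
 * working allocator, 0 otherwise. */
int checked_matches(unsigned long v, const char *expected) {
    set_alloc_failure(0);
    char *s = format_uint_checked(v);
    if (s == NULL) return 0;
    int ok = strcmp(s, expected) == 0;
    free(s);
    return ok;
}

/* Helper: 1 if the unchecked formatter produces `expected` for `v` with a
 * working allocator (its failure path cannot be exercised safely). */
int unchecked_matches(unsigned long v, const char *expected) {
    set_alloc_failure(0);
    char *s = format_uint_unchecked(v);
    int ok = strcmp(s, expected) == 0;
    free(s);
    return ok;
}

/* Helper: 1 if the checked formatter reports failure (returns NULL) when the
 * allocation numbered `call_index` fails, instead of dereferencing NULL. */
int checked_reports_failure(int call_index) {
    set_alloc_failure(call_index);
    char *s = format_uint_checked(123456789UL);
    set_alloc_failure(0);
    if (s != NULL) { free(s); return 0; }
    return 1;
}
```

The callers of a routine written in the hardened style still have to propagate the NULL result (for `_dtoa_r` this surfaces as a failure from the printf family or strtod), so the check belongs at every level that allocates, not only at the lowest one.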
How to fix CVE-2019-14872
To remediate CVE-2019-14872, upgrade the affected package to a fixed version below.
- Debian/newlib—upgrade to 3.3.0-1 or later
- Debian/picolibc—upgrade to 1.4.3-1 or later
Is CVE-2019-14872 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/newlib: from 0, < 3.3.0-1
- Debian/picolibc: from 0, < 1.4.3-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |