Llvm Project
by Llvm
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46049 | Med | 0.34 | 5.3 | 0.01 | Mar 27, 2024 | LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and… | ||
| CVE-2024-31852 | Med | 0.31 | 5.9 | 0.01 | Apr 5, 2024 | LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor… | ||
| CVE-2026-13574 | 0.00 | — | — | Jun 30, 2026 | A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to… | |||
| CVE-2026-13573 | 0.00 | — | — | Jun 30, 2026 | A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a… | |||
| CVE-2023-29942 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | |||
| CVE-2023-29935 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | |||
| CVE-2023-29934 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | |||
| CVE-2023-29933 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | |||
| CVE-2023-29932 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | |||
| CVE-2023-29941 | 0.00 | — | 0.00 | May 5, 2023 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | |||
| CVE-2015-3027 | 0.00 | — | 0.01 | Apr 10, 2015 | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C… |
- risk 0.34cvss 5.3epss 0.01
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and…
- risk 0.31cvss 5.9epss 0.01
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor…
- CVE-2026-13574Jun 30, 2026risk 0.00cvss —epss —
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to…
- CVE-2026-13573Jun 30, 2026risk 0.00cvss —epss —
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a…
- CVE-2023-29942May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.
- CVE-2023-29935May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.
- CVE-2023-29934May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().
- CVE-2023-29933May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.
- CVE-2023-29932May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
- CVE-2023-29941May 5, 2023risk 0.00cvss —epss 0.00
llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.
- CVE-2015-3027Apr 10, 2015risk 0.00cvss —epss 0.01
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C…