THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2023-46049

Assignermitre
Reserved2023-10-16
Published2024-03-27
Updated2024-07-10

Description

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.

References

https://github.com/llvm/llvm-project/issues/67388

http://seclists.org/fulldisclosure/2024/Jan/66

https://llvm.org/docs/Security.html

cve.org CVE-2023-46049

nvd.nist.gov CVE-2023-46049

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-46049
© Copyright 2024 THREATINT. Made in Cyprus with +