CVE-2023-46049
Published: 27 March 2024
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.
Notes
| Author | Note |
|---|---|
| mdeslaur | Marking as not-affected as the CVE was disputed |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
llvm-toolchain-10 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Not vulnerable
|
|
|
llvm-toolchain-11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
|
| jammy |
Not vulnerable
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
llvm-toolchain-12 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
|
| jammy |
Not vulnerable
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
llvm-toolchain-3.5 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-3.6 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-3.7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-3.8 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-3.9 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-4.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-6.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
llvm-toolchain-8 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
llvm-toolchain-9 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
| focal |
Not vulnerable
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
| upstream |
Needs triage
|