CVE-2023-46049
Published: 27 March 2024
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.
Notes
Author | Note |
---|---|
mdeslaur | Marking as not-affected as the CVE was disputed |
Priority
Status
Package | Release | Status |
---|---|---|
llvm-toolchain-10 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Not vulnerable
|
|
llvm-toolchain-11 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
|
jammy |
Not vulnerable
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
llvm-toolchain-12 Launchpad, Ubuntu, Debian |
focal |
Not vulnerable
|
jammy |
Not vulnerable
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
llvm-toolchain-3.5 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-3.6 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-3.7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-3.8 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-3.9 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-4.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-6.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-7 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
llvm-toolchain-8 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
llvm-toolchain-9 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
|
focal |
Not vulnerable
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
upstream |
Needs triage
|