CVE-2023-46049

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
llvm-toolchain-10
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
llvm-toolchain-11
noble
dne
mantic
dne
jammy
not-affected
focal
not-affected
llvm-toolchain-12
noble
dne
mantic
dne
jammy
not-affected
focal
not-affected
llvm-toolchain-3.5
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
llvm-toolchain-3.6
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
trusty
not-affected
llvm-toolchain-3.7
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
not-affected
llvm-toolchain-3.8
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
trusty
not-affected
llvm-toolchain-3.9
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
not-affected
trusty
not-affected
llvm-toolchain-4.0
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
not-affected
llvm-toolchain-5.0
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
not-affected
llvm-toolchain-6.0
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
xenial
not-affected
llvm-toolchain-7
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
llvm-toolchain-8
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
xenial
not-affected
llvm-toolchain-9
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2024/Jan/66
https://github.com/llvm/llvm-project/issues/67388
https://llvm.org/docs/Security.html
http://packetstormsecurity.com/files/176820/llvm-LLVM-15-Null-Pointer.html
http://seclists.org/fulldisclosure/2024/Jan/66
https://github.com/llvm/llvm-project/issues/67388
https://llvm.org/docs/Security.html