CVE-2023-46049

EUVD-2023-50310
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CISA-ADP | ADP | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Awaiting analysis
This vulnerability is currently awaiting analysis.
EPSS Score percentile: 40%
Ubuntu Releases

| Ubuntu Product / Codename | bionic | focal | jammy | mantic | noble | trusty | xenial |
| --- | --- | --- | --- | --- | --- | --- | --- |
| llvm-toolchain-10 | not-affected | not-affected | dne | dne | dne | | |
| llvm-toolchain-11 | | not-affected | not-affected | dne | dne | | |
| llvm-toolchain-12 | | not-affected | not-affected | dne | dne | | |
| llvm-toolchain-3.5 | | dne | dne | dne | dne | | not-affected |
| llvm-toolchain-3.6 | | dne | dne | dne | dne | not-affected | not-affected |
| llvm-toolchain-3.7 | not-affected | dne | dne | dne | dne | | not-affected |
| llvm-toolchain-3.8 | | dne | dne | dne | dne | not-affected | not-affected |
| llvm-toolchain-3.9 | not-affected | dne | dne | dne | dne | not-affected | not-affected |
| llvm-toolchain-4.0 | not-affected | dne | dne | dne | dne | | not-affected |
| llvm-toolchain-5.0 | not-affected | dne | dne | dne | dne | | not-affected |
| llvm-toolchain-6.0 | not-affected | not-affected | dne | dne | dne | | not-affected |
| llvm-toolchain-7 | not-affected | not-affected | dne | dne | dne | | |
| llvm-toolchain-8 | not-affected | not-affected | dne | dne | dne | | not-affected |
| llvm-toolchain-9 | not-affected | not-affected | dne | dne | dne | | |