CVE-2023-46049

Published: Mar 27, 2024

Modified: Nov 4, 2025

PUBLISHED

Description

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/llvm/llvm-project/issues/67388

http://seclists.org/fulldisclosure/2024/Jan/66

https://llvm.org/docs/Security.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-46049

Description

Affected Products

References