汇总 llvm 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 缓冲区溢出与路径处理缺陷 相关,可能在 软件部署与生产负载 场景中带来 应用崩溃与内存损坏 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | [email protected] | 5.5 | 0.09% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | [email protected] | 5.5 | 0.11% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29939 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29935 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29934 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29933 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | [email protected] | 5.5 | 0.05% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29932 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-26924 | LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." | [email protected] | 5.5 | 0.05% | 2023-03-27 | 2024-11-21 |
| CVE-2014-2893 | The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | [email protected] | 1.9 | 0.06% | 2014-04-23 | 2026-05-06 |