彙總 llvm 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位與路徑處理缺陷 相關,可能在 軟體部署與生產負載 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | [email protected] | 5.5 | 0.09% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | [email protected] | 5.5 | 0.11% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29939 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29935 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29934 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29933 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | [email protected] | 5.5 | 0.05% | 2023-05-05 | 2025-01-29 |
| CVE-2023-29932 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | [email protected] | 5.5 | 0.04% | 2023-05-05 | 2025-01-29 |
| CVE-2023-26924 | LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior." | [email protected] | 5.5 | 0.05% | 2023-03-27 | 2024-11-21 |
| CVE-2014-2893 | The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. | [email protected] | 1.9 | 0.06% | 2014-04-23 | 2026-05-06 |