4.8
/ 10
MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Description
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
Basic Information
ID
CVE-2026-13574
Source
VulDB
Published
Jun 29, 2026 at 14:15
Affected Product
Vendor
llvm
Product
llvm-project
Version
22.1.0
Affected Versions
llvm llvm-project 22.1.0
llvm llvm-project 22.1.1
llvm llvm-project 22.1.2
llvm llvm-project 22.1.3
llvm llvm-project 22.1.4
llvm llvm-project 22.1.5
llvm llvm-project 22.1.6
llvm llvm-project 22.1.1
llvm llvm-project 22.1.2
llvm llvm-project 22.1.3
llvm llvm-project 22.1.4
llvm llvm-project 22.1.5
llvm llvm-project 22.1.6