
llvm llvm-project Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow (CVE-2026-13574)

CVSS score: 4.8 / 10 (MEDIUM)
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been identified in llvm llvm-project up to 22.1.6. It affects the function GCRelocateInst::getBasePtr in the file llvm/lib/IR/IntrinsicInst.cpp of the Bitcode File Handler component. Manipulation of the input leads to a heap-based buffer overflow. The attack can be launched on the local host. The exploit has been publicly disclosed and may be used. The project was informed of the problem early through an issue report but has not yet responded.

Basic Information

ID: CVE-2026-13574
Source: VulDB
Published: Jun 29, 2026 at 14:15

Affected Product

Vendor: llvm
Product: llvm-project
Version: 22.1.0
Affected Versions:
llvm llvm-project 22.1.0
llvm llvm-project 22.1.1
llvm llvm-project 22.1.2
llvm llvm-project 22.1.3
llvm llvm-project 22.1.4
llvm llvm-project 22.1.5
llvm llvm-project 22.1.6

CWE Classification

References
