CVE-2023-4039

DISPUTED A failure in the -fstack-protector feature in GCC-based toolchainsthat target AArch64 allows an attacker to exploit an existing bufferoverflow in dynamically-sized local variables in your applicationwithout this being detected. This stack-protector failure only appliesto C99-style dynamica...

CVE-2019-15847

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a singl...

CVE-2018-12886

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypa...

CVE-2002-2439

Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.

CVE-2021-37322

GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.

CVE-2015-5276

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

CVE-2000-1219

The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.