DISPUTED LLVM 15.0.0 has a NULL pointer dereference in the
parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a
crafted .o file) to llvm-lto. NOTE: this is disputed because the
relationship between pdflatex.fmt and any LLVM language front end is not
explained, and because a crash of the llvm-lto application should be
categorized as a usability problem.
Author | Note |
---|---|
mdeslaur | Marking as not-affected as the CVE was disputed |