CVE-2026-13574 | llvm llvm-project up to 22.1.6 Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow (Issue 199191)

A vulnerability marked as problematic has been reported in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow.

This vulnerability is handled as CVE-2026-13574. It is possible to launch the attack on the local host. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-13574 | llvm llvm-project up to 22.1.6 Bitcode File IntrinsicInst.cpp getBasePtr heap-based overflow (Issue 199191)

Post correlati

CVE-2024-53051 | Linux Kernel up to 6.11.6 hdcp intel_hdcp_get_capability null pointer dereference (4912e8fb3c37/31b42af516af)

CVE-2023-24135 | Scandinavia Eagle Jensen 1200AC 15.03.06.33_en formWriteFacMac mac command injection

CVE-2024-5224 | Easy Social Like Box Plugin up to 4.0 on WordPress Shortcode cross site scripting

CVE-2024-0555 | Full Compass Systems WIC1200 1.1 cross-site request forgery