Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local low-privilege access required to pass crafted bitcode; scope unchanged and impact limited to process crash with no confidentiality or integrity effect.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Heap-based buffer overflow in LLVM llvm-project through version 22.1.6 allows a local low-privilege attacker to crash affected LLVM tooling by supplying a crafted bitcode file that triggers an out-of-bounds heap write in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. The LLVM project was notified via a GitHub issue report but has not yet responded or released a patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to have an active local session on the target system with at least low-privilege user credentials, confirmed by CVSS AV:L and PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 1.9 is consistent with the constrained attack surface: AV:L requires the attacker to already have local system access, PR:L requires low-privilege credentials, and the only confirmed impact is VA:L (low availability - a process crash). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local attacker with a standard unprivileged account on a developer workstation or CI build server crafts a malformed LLVM bitcode file that causes an out-of-bounds write when GCRelocateInst::getBasePtr processes an invalid GC relocation intrinsic operand. The attacker invokes an LLVM tool such as opt or llc against the crafted file, triggering a heap corruption that crashes the tool process. … |
| Remediation | No vendor-released patch has been identified at time of analysis, as the LLVM project has not yet responded to the coordinated disclosure reported via GitHub issue https://github.com/llvm/llvm-project/issues/199191. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Llvm Project
View allSame weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40118
GHSA-pf97-7r98-qpj7