PatchSiren

llvm CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW llvm CVE published 2026-06-29

CVE-2026-13574

The CVE-2026-13574 vulnerability was determined in llvm llvm-project up to version 22.1.6. This vulnerability impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler, potentially leading to a heap-based buffer overflow. The exploit has been publicly disclosed, but there are doubts about the existence of this vulnerability. Develope [truncated]

LOW llvm CVE published 2026-06-29

CVE-2026-13573

CVE-2026-13573 is a stack-based buffer overflow vulnerability in llvm llvm-project up to 22.1.6, affecting the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. Local attack is required. The exploit has been made public and could be used. However, the presence of this vulnerability remains uncertain at this time. The LLVM project explain [truncated]