Every CVE whose affected-product data names Gnu Gcc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2018-12886 — CVSS 8.1 (high): stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under…
CVE-2002-2439 — CVSS 7.8 (high): Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
CVE-2021-37322 — CVSS 7.8 (high): GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVE-2000-1219 — CVSS 7.5 (high): The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications…
CVE-2008-1367 — CVSS 7.5 (high): gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and…
CVE-2019-15847 — CVSS 7.5 (high): The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a…
CVE-2008-1685 — CVSS 6.8 (medium): gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than…
CVE-2021-3826 — CVSS 6.5 (medium): Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of…
CVE-2022-27943 — CVSS 5.5 (medium): libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.
CVE-2021-46195 — CVSS 5.5 (medium): GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows…
CVE-2015-5276 — CVSS 5.0 (medium): The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from…
CVE-2023-4039 — CVSS 4.8 (medium): **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an…
CVE-2017-11671 — CVSS 4.0 (medium): Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5…
CVE-2006-1902 — CVSS 2.1 (low): fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison…