GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-11-18
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-10-23
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
CVSS Score
7.5
EPSS Score
0.005
Published
2019-09-02
The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2015-11-17
The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.
CVSS Score
7.5
EPSS Score
0.004
Published
2000-11-01