Gcc

This hub aggregates every CVE we track for Gcc, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Gcc.

• CVE-2025-61729Excessive resource consumption when printing error string for host certificate validation in crypto/x5097.5Dec 2, 2025
• CVE-2023-4039GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch644.8Sep 13, 2023
• CVE-2021-3826Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled sy...6.5Sep 1, 2022
• CVE-2022-27943libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.5.5Mar 26, 2022
• CVE-2021-46195GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excess...5.5Jan 14, 2022
• CVE-2021-37322GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.7.8Nov 18, 2021
• CVE-2002-2439Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.7.8Oct 23, 2019
• CVE-2019-15847The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random numbe...7.5Sep 2, 2019
• CVE-2018-12886stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targe...8.1May 22, 2019
• CVE-2017-11671Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequenc...4.0Jul 26, 2017
• CVE-2015-5276The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-depende...5.0Nov 17, 2015
• CVE-2013-4598The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vec...5.0May 27, 2014
• CVE-2008-1685gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of len...6.8Apr 6, 2008
• CVE-2008-1367gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being...7.5Mar 17, 2008
• CVE-2006-1902fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than ...2.1Apr 20, 2006