CVE-2024-40897

July 26, 2024, 12:38 p.m.

Tags

vultures@jpcert.or.jp
2024-07-26
CVE-2024-40897

Product(s) Impacted

ORC

  • before 0.4.39

Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Weaknesses

Date

Published: July 26, 2024, 6:15 a.m.

Last Modified: July 26, 2024, 12:38 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

References

https://github.com/GStreamer/orc
vultures@jpcert.or.jp
https://gstreamer.freedesktop.org/modules/orc.html
vultures@jpcert.or.jp
https://jvn.jp/en/jp/JVN02030803/
vultures@jpcert.or.jp