CVE-2024-40897

July 26, 2024, 12:38 p.m.

None
No Score

Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Product(s) Impacted

Product Versions
ORC
  • ['before 0.4.39']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://github.com/GStreamer/orc
https://gstreamer.freedesktop.org/modules/orc.html
https://jvn.jp/en/jp/JVN02030803/

Tags

vultures@jpcert.or.jp
2024-07-26
CVE-2024-40897

Timeline

Published: July 26, 2024, 6:15 a.m.
Last Modified: July 26, 2024, 12:38 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.