CVE-2024-40897
July 26, 2024, 12:38 p.m.
Tags
Product(s) Impacted
ORC
- before 0.4.39
Description
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Weaknesses
Date
Published: July 26, 2024, 6:15 a.m.
Last Modified: July 26, 2024, 12:38 p.m.
Status : Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
vultures@jpcert.or.jp
References
vultures@jpcert.or.jp
vultures@jpcert.or.jp
vultures@jpcert.or.jp