CVE-2024-40897

Name
CVE-2024-40897
Description
A stack-based buffer overflow exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/GStreamer/orc
https://gstreamer.freedesktop.org/modules/orc.html
https://jvn.jp/en/jp/JVN02030803/
http://www.openwall.com/lists/oss-security/2024/07/26/1

Match rules

CPE URI Source package Min version Max version
orc == prior to 0.4.39 == prior to 0.4.39

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
orc 3.19-main 0.4.39-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
orc 3.18-main 0.4.39-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
orc 3.17-main 0.4.39-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
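The match rule above is "prior to 0.4.39", and every listed Alpine branch ships 0.4.39-r0 as the fix. The script below is an added example, not code from the Alpine tracker or the orc project: it classifies an orc package version against that rule in plain POSIX sh so it can run anywhere, and, where apk is present, reports on the installed package. The `apk list --installed orc` output format it parses (a line starting `orc-<version> `) is an assumption about apk-tools; on an Alpine host `apk version -t "$installed" 0.4.39-r0` performs the same comparison natively.

```shell
#!/bin/sh
# Added example (not part of the Alpine tracker or the orc project):
# classify an orc package version against the CVE-2024-40897 match rule,
# "prior to 0.4.39". Pure POSIX sh, so it runs without apk.

FIXED_VERSION=0.4.39

# Numeric component-wise comparison of two version strings.
# Prints -1, 0 or 1; returns 2 on a component that is not a plain number.
# An Alpine "-rN" package revision is dropped first: the match rule is on
# the upstream version, and every -rN build of 0.4.39 carries the fix.
version_cmp() {
    a=${1%%-r*}
    b=${2%%-r*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac=${a%%.*}; ac=${ac:-0}    # leading component, missing = 0
        bc=${b%%.*}; bc=${bc:-0}
        case "$ac$bc" in
            *[!0-9]*) echo "version_cmp: unsupported version format: $1 vs $2" >&2; return 2 ;;
        esac
        if [ "$ac" -lt "$bc" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ac" -gt "$bc" ]; then printf '%s\n' 1; return 0; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop the compared component
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    printf '%s\n' 0
}

# Exit 0 if VERSION is vulnerable (older than the fix), 1 if fixed,
# 2 if the version could not be parsed.
orc_vulnerable() {
    r=$(version_cmp "$1" "$FIXED_VERSION") || return 2
    [ "$r" -lt 0 ]
}

# Report on the orc package installed on this host, if apk is present.
# Assumption: `apk list --installed orc` prints a line beginning "orc-<version> ".
check_installed_orc() {
    command -v apk >/dev/null 2>&1 || { echo "apk not found; not an Alpine host?" >&2; return 2; }
    pkg=$(apk list --installed orc 2>/dev/null | sed -n 's/^orc-\([^ ]*\) .*/\1/p')
    [ -n "$pkg" ] || { echo "orc is not installed"; return 1; }
    if orc_vulnerable "$pkg"; then
        echo "orc $pkg is VULNERABLE to CVE-2024-40897; run: apk upgrade orc"
        return 0
    fi
    echo "orc $pkg is fixed"
    return 1
}

# Constructed sample versions: the fixed Alpine build from the table above,
# plus older and newer strings to exercise each branch of the comparison.
for v in 0.4.38-r1 0.4.39-r0 0.4.39 0.4.40 0.5; do
    if orc_vulnerable "$v"; then echo "$v: vulnerable"; else echo "$v: fixed"; fi
done
```

The comparison deliberately refuses anything that is not purely numeric (for example a `_rc1` suffix) rather than guessing, because a pre-release of 0.4.39 sorts before the fix while a naive strip of the suffix would report it as fixed.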