CVE-2025-47436

CVE-2025-47436

Name

CVE-2025-47436

Description

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
mailing-list	https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn
vendor-advisory	https://orc.apache.org/security/CVE-2025-47436/
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/05/13/4

Type

URI

mailing-list

https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn

vendor-advisory

https://orc.apache.org/security/CVE-2025-47436/

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/05/13/4

Match rules

CPE URI	Source package	Min version	Max version
	apache-orc	>= 0	<= 1.8.8
	apache-orc	>= 1.9.0	<= 1.9.5
	apache-orc	>= 2.0.0	<= 2.0.4
	apache-orc	>= 2.1.0	<= 2.1.1
`cpe:2.3:a:apache:orc::::::::`	orc	>= None	< 1.8.9
`cpe:2.3:a:apache:orc::::::::`	orc	>= 1.9.0	< 1.9.6
`cpe:2.3:a:apache:orc::::::::`	orc	>= 2.0.0	< 2.0.5
`cpe:2.3:a:apache:orc::::::::`	orc	>= 2.1.0	< 2.1.2

CPE URI

Source package

Min version

Max version

apache-orc

>= 0

<= 1.8.8

apache-orc

>= 1.9.0

<= 1.9.5

apache-orc

>= 2.0.0

<= 2.0.4

apache-orc

>= 2.1.0

<= 2.1.1

cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*

orc

>= None

< 1.8.9

cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*

orc

>= 1.9.0

< 1.9.6

cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*

orc

>= 2.0.0

< 2.0.5

cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*

orc

>= 2.1.0

< 2.1.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
orc	edge-main	0.4.41-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	edge-main	0.4.40-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	edge-main	0.4.39-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	3.22-main	0.4.40-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	3.22-main	0.4.39-r0	None	possibly vulnerable
orc	3.21-main	0.4.40-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	3.21-main	0.4.39-r0	None	possibly vulnerable
orc	3.20-main	0.4.40-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	3.20-main	0.4.39-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
orc	3.19-main	0.4.39-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
apache-orc	edge-community	2.1.1-r1	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
apache-orc	edge-community	2.1.1-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
apache-orc	edge-community	2.1.0-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
apache-orc	edge-community	2.0.3-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable
apache-orc	3.22-community	2.0.3-r0	Duncan Bellamy <dunk@denkimushi.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

orc

edge-main

0.4.41-r0

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

orc

edge-main