Vulnerability CVE-2024-40897: Information

Description

A stack-based buffer overflow exists in orcparse.c in ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Severity: MEDIUM (6.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Published: July 26, 2024
Modified: Aug. 27, 2024
Error type identifier: CWE-787

Fixed packages

Package name | Branch               | Fixed in version | Version from repository | Errata ID           | Task # | State
orc          | sisyphus             | 0.4.39-alt1      | 0.4.39-alt1             | ALT-PU-2024-10163-1 | 353196 | Fixed
orc          | sisyphus_riscv64     | 0.4.39-alt1      | 0.4.39-alt1             | ALT-PU-2024-10180-1 | -      | Fixed
orc          | sisyphus_loongarch64 | 0.4.39-alt1      | 0.4.39-alt1             | ALT-PU-2024-10183-1 | -      | Fixed
orc          | p11                  | 0.4.39-alt1      | 0.4.38-alt1             | ALT-PU-2024-11567-1 | 355782 | Testing

References to Advisories, Solutions, and Tools

    1. Configuration 1

       cpe:2.3:a:gstreamer:orc:*:*:*:*:*:*:*:*
       Affected versions: up to (excluding) 0.4.39