CVE

CVE-2024-40897

Severity:

Pending analysis

Type:

Unavailable / Other

Publication date:

26/07/2024

Last modified:

26/07/2024

Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer&#39;s build environment. This may lead to compromise of developer machines or CI build environments.

References to Advisories, Solutions, and Tools

https://github.com/GStreamer/orc
https://gstreamer.freedesktop.org/modules/orc.html
https://jvn.jp/en/jp/JVN02030803/