CVE-2024-40897
Severity: MEDIUM
ORC < 0.4.39 - Stack-based Buffer Overflow in orcparse.c
Title source: llmDescription
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
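The advisory only names the bug class (CWE-121: a fixed-size stack buffer overrun while parsing an attacker-controlled .orc source file). The following is an added illustration of that pattern and its fix, written for this page; it is not the orcparse.c code from the ORC project, and the function names, token format and 64-byte buffer size are assumptions. The unsafe parser is shown only to make the defect visible; the hardened parser bounds the copy by the destination size and rejects over-long tokens rather than truncating silently.

```c
/* Illustrative reconstruction of the CWE-121 pattern behind CVE-2024-40897.
 * NOT the real orcparse.c: names, token format and TOKEN_MAX are assumed.
 * Build: cc -Wall -o orc_parse_demo orc_parse_demo.c
 */
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 64   /* assumed fixed-size stack buffer */

/* Vulnerable pattern: copies the first whitespace-delimited token of `line`
 * into a 64-byte stack buffer with no length check. A token of 64 bytes or
 * more writes past `tok` and into the rest of the stack frame
 * (CWE-121 / CWE-787). Kept here only to show the bug; never feed it
 * untrusted input. */
static int parse_directive_unsafe(const char *line)
{
    char tok[TOKEN_MAX];
    size_t i = 0;
    while (line[i] != '\0' && line[i] != ' ' && line[i] != '\t' && line[i] != '\n') {
        tok[i] = line[i];   /* no bound on i: overflow for long tokens */
        i++;
    }
    tok[i] = '\0';
    return (int)i;
}

/* Hardened version: the copy is bounded by the caller-supplied destination
 * size and an over-long token is an error, not a truncation.
 * Returns the token length on success, -1 if the token would not fit. */
int parse_directive_safe(const char *line, char *out, size_t outlen)
{
    size_t n = strcspn(line, " \t\n");   /* length of the first token */
    if (outlen == 0 || n >= outlen)      /* leave room for the terminator */
        return -1;
    memcpy(out, line, n);
    out[n] = '\0';
    return (int)n;
}

/* Convenience wrapper using the same TOKEN_MAX buffer the unsafe parser
 * has, so the two can be compared on identical input. */
int safe_token_len(const char *line)
{
    char tok[TOKEN_MAX];
    return parse_directive_safe(line, tok, sizeof tok);
}

/* Constructed input standing in for a crafted .orc file: a line whose first
 * token is `len` bytes of 'A' followed by " x\n". */
static void make_long_token_line(char *buf, size_t buflen, size_t len)
{
    if (len + 4 > buflen)
        len = buflen - 4;
    memset(buf, 'A', len);
    memcpy(buf + len, " x\n", 4);   /* includes the NUL terminator */
}

/* Returns 1 if the hardened parser rejects a constructed 300-byte token and
 * still parses a normal directive correctly, 0 otherwise. */
int demo_hardened_parser(void)
{
    char line[512];
    char out[TOKEN_MAX];
    make_long_token_line(line, sizeof line, 300);
    if (parse_directive_safe(line, out, sizeof out) != -1)
        return 0;
    if (parse_directive_safe(".function orc_add_s16\n", out, sizeof out) != 9)
        return 0;
    if (strcmp(out, ".function") != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Benign input: both parsers agree, which is why the bug stays hidden
     * until a crafted file arrives. */
    printf("unsafe: %d  safe: %d\n",
           parse_directive_unsafe(".function orc_add_s16\n"),
           safe_token_len(".function orc_add_s16\n"));
    printf("hardened parser rejects over-long token: %s\n",
           demo_hardened_parser() ? "yes" : "no");
    return 0;
}
```

The practical takeaway matches the CVSS vector (AV:L, UI:R): the attacker does not need network access to the build host, only to get a crafted .orc file compiled there, for example through a contributed patch in a CI job. Upgrading to ORC 0.4.39 or later removes the bug; until then, treat .orc inputs from untrusted sources like any other untrusted parser input.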
References (4)
Core References (4)
Third Party Advisory: http://www.openwall.com/lists/oss-security/2024/07/26/1
Third Party Advisory: https://jvn.jp/en/jp/JVN02030803/
Scores
CVSS v3: 6.7
EPSS: 0.0038
EPSS Percentile: 29.7%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-121, CWE-787
Status: published
Products (1)
gstreamer/orc < 0.4.39
Published: Jul 26, 2024
Tracked Since: Feb 18, 2026