Home > Vulnerability Database > CVE-2024-40897

Mend.io Vulnerability Database

CVE-2024-40897

Date: July 26, 2024

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Language: C

Severity Score

7.0

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2024-40897

Url: http://www.openwall.com/lists/oss-security/2024/07/26/1

Url: https://jvn.jp/en/jp/JVN02030803/

Url: https://github.com/GStreamer/orc

Url: https://gstreamer.freedesktop.org/modules/orc.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-40897

Url: https://security.alpinelinux.org/vuln/CVE-2024-40897

Url: https://www.mend.io/vulnerability-database/CVE-2024-40897

Severity Score

7.0

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-40897

Date: July 26, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?