CVE-2024-40897


A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.


Published

2024-07-26T06:15:02.290

Last Modified

2024-11-21T09:31:48.450

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-787
  • Type: Secondary
    CWE-121

Affected Vendors & Products
Type         Vendor     Product  Version/Range  Vulnerable?
Application  gstreamer  orc      < 0.4.39       Yes
