Vulnerability Description
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gstreamer | Orc | < 0.4.39 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/07/26/1Third Party Advisory
- https://github.com/GStreamer/orcProduct
- https://gstreamer.freedesktop.org/modules/orc.htmlProduct
- https://jvn.jp/en/jp/JVN02030803/Third Party Advisory
- http://www.openwall.com/lists/oss-security/2024/07/26/1Third Party Advisory
- https://github.com/GStreamer/orcProduct
- https://gstreamer.freedesktop.org/modules/orc.htmlProduct
- https://jvn.jp/en/jp/JVN02030803/Third Party Advisory
FAQ
What is CVE-2024-40897?
CVE-2024-40897 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitra...
How severe is CVE-2024-40897?
CVE-2024-40897 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-40897?
Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Orc.