CVE-2024-40897

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-40897

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40897.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-40897

Related

Published

2024-07-26T06:15:02Z

Modified

2024-12-05T15:37:59.675387Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

References

Affected packages

Alpine:v3.17 / orc

Package

Name: orc
Purl: pkg:apk/alpine/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-r0

Affected versions

0.*

0.4.14-r0

0.4.16-r0

0.4.17-r0

0.4.18-r0

0.4.19-r0

0.4.22-r0

0.4.23-r0

0.4.24-r0

0.4.25-r0

0.4.26-r0

0.4.27-r0

0.4.28-r0

0.4.29-r0

0.4.30-r0

0.4.31-r0

0.4.31-r1

0.4.31-r2

0.4.32-r0

0.4.32-r1

0.4.32-r2

0.4.33-r0

Alpine:v3.18 / orc

Package

Name: orc
Purl: pkg:apk/alpine/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-r0

Affected versions

0.*

0.4.14-r0

0.4.16-r0

0.4.17-r0

0.4.18-r0

0.4.19-r0

0.4.22-r0

0.4.23-r0

0.4.24-r0

0.4.25-r0

0.4.26-r0

0.4.27-r0

0.4.28-r0

0.4.29-r0

0.4.30-r0

0.4.31-r0

0.4.31-r1

0.4.31-r2

0.4.32-r0

0.4.32-r1

0.4.32-r2

0.4.33-r0

0.4.33-r1

0.4.34-r0

Alpine:v3.19 / orc

Package

Name: orc
Purl: pkg:apk/alpine/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-r0

Affected versions

0.*

0.4.14-r0

0.4.16-r0

0.4.17-r0

0.4.18-r0

0.4.19-r0

0.4.22-r0

0.4.23-r0

0.4.24-r0

0.4.25-r0

0.4.26-r0

0.4.27-r0

0.4.28-r0

0.4.29-r0

0.4.30-r0

0.4.31-r0

0.4.31-r1

0.4.31-r2

0.4.32-r0

0.4.32-r1

0.4.32-r2

0.4.33-r0

0.4.33-r1

0.4.34-r0

Alpine:v3.20 / orc

Package

Name: orc
Purl: pkg:apk/alpine/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-r0

Affected versions

0.*

0.4.14-r0

0.4.16-r0

0.4.17-r0

0.4.18-r0

0.4.19-r0

0.4.22-r0

0.4.23-r0

0.4.24-r0

0.4.25-r0

0.4.26-r0

0.4.27-r0

0.4.28-r0

0.4.29-r0

0.4.30-r0

0.4.31-r0

0.4.31-r1

0.4.31-r2

0.4.32-r0

0.4.32-r1

0.4.32-r2

0.4.33-r0

0.4.33-r1

0.4.34-r0

0.4.35-r0

0.4.37-r0

Alpine:v3.21 / orc

Package

Name: orc
Purl: pkg:apk/alpine/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.39-r0

Affected versions

0.*

0.4.14-r0

0.4.16-r0

0.4.17-r0

0.4.18-r0

0.4.19-r0

0.4.22-r0

0.4.23-r0

0.4.24-r0

0.4.25-r0

0.4.26-r0

0.4.27-r0

0.4.28-r0

0.4.29-r0

0.4.30-r0

0.4.31-r0

0.4.31-r1

0.4.31-r2

0.4.32-r0

0.4.32-r1

0.4.32-r2

0.4.33-r0

0.4.33-r1

0.4.34-r0

0.4.35-r0

0.4.37-r0

0.4.38-r0

Debian:11 / orc

Package

Name: orc
Purl: pkg:deb/debian/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.4.32-1

1:0.4.32-2

1:0.4.33-1

1:0.4.33-2

1:0.4.34-1

1:0.4.34-2

1:0.4.34-3

1:0.4.34-3.1~exp1

1:0.4.34-4

1:0.4.34-4.1

1:0.4.34-4.2

1:0.4.34-4.3

1:0.4.38-1

1:0.4.39-1

1:0.4.39-2

1:0.4.39-2+hurd.1

1:0.4.39-3

1:0.4.40-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / orc

Package

Name: orc
Purl: pkg:deb/debian/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.4.33-2

1:0.4.34-1

1:0.4.34-2

1:0.4.34-3

1:0.4.34-3.1~exp1

1:0.4.34-4

1:0.4.34-4.1

1:0.4.34-4.2

1:0.4.34-4.3

1:0.4.38-1

1:0.4.39-1

1:0.4.39-2

1:0.4.39-2+hurd.1

1:0.4.39-3

1:0.4.40-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / orc

Package

Name: orc
Purl: pkg:deb/debian/orc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.4.39-1

Affected versions

1:0.*

1:0.4.33-2

1:0.4.34-1

1:0.4.34-2

1:0.4.34-3

1:0.4.34-3.1~exp1

1:0.4.34-4

1:0.4.34-4.1

1:0.4.34-4.2

1:0.4.34-4.3

1:0.4.38-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/gstreamer/orc

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/gstreamer/orc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ba5923931fee9437f4ca72d272ea4c663c74e4c9

Affected versions

0.*

0.4.23

0.4.29

0.4.30

0.4.31

0.4.32

0.4.33

0.4.34

0.4.35

0.4.36

0.4.37

0.4.38

Other

merge-base

orc-0.*

orc-0.4.0

orc-0.4.10

orc-0.4.11

orc-0.4.12

orc-0.4.13

orc-0.4.14

orc-0.4.15

orc-0.4.16

orc-0.4.17

orc-0.4.18

orc-0.4.19

orc-0.4.2

orc-0.4.20

orc-0.4.21

orc-0.4.22

orc-0.4.23

orc-0.4.24

orc-0.4.25

orc-0.4.26

orc-0.4.27

orc-0.4.28

orc-0.4.3

orc-0.4.4

orc-0.4.5

orc-0.4.6

orc-0.4.7

orc-0.4.8

orc-0.4.9