CVE-2025-47436

Source
https://cve.org/CVERecord?id=CVE-2025-47436
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47436.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-47436
Downstream
Published
2025-05-14T13:11:36.329Z
Modified
2026-07-15T01:49:02.421857389Z
Severity
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/RE:M/U:Amber CVSS Calculator
Summary
Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Details

Heap-based Buffer Overflow vulnerability in Apache ORC.

A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption.

This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1.

Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

Database specific
{
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/47xxx/CVE-2025-47436.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "1.8.8"
                },
                {
                    "introduced": "1.9.0"
                },
                {
                    "last_affected": "1.9.5"
                },
                {
                    "introduced": "2.0.0"
                },
                {
                    "last_affected": "2.0.4"
                },
                {
                    "introduced": "2.1.0"
                },
                {
                    "last_affected": "2.1.1"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "1.8.8"
                },
                {
                    "introduced": "1.9.0"
                },
                {
                    "fixed": "1.9.5"
                },
                {
                    "introduced": "2.0.0"
                },
                {
                    "fixed": "2.0.4"
                },
                {
                    "introduced": "2.1.0"
                },
                {
                    "fixed": "2.1.1"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "cna_assigner": "apache"
}
References

Affected packages

Git / github.com/apache/orc

Affected ranges

Type
GIT
Repo
https://github.com/apache/orc
Events
Database specific
{
    "cpe": "cpe:2.3:a:apache:orc:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.8.9"
        },
        {
            "introduced": "1.9.0"
        },
        {
            "fixed": "1.9.6"
        },
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.0.5"
        },
        {
            "introduced": "2.1.0"
        },
        {
            "fixed": "2.1.2"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

rel/release-1.*
rel/release-1.0.0
rel/release-1.1.0
rel/release-1.2.0
rel/release-1.8.0
rel/release-1.8.1
rel/release-1.8.2
rel/release-1.8.3
rel/release-1.8.4
rel/release-1.8.5
rel/release-1.8.6
rel/release-1.8.7
rel/release-1.8.8
rel/release-1.9.0
rel/release-1.9.1
rel/release-1.9.2
rel/release-1.9.3
rel/release-1.9.4
rel/release-1.9.5
rel/release-2.*
rel/release-2.0.0
rel/release-2.0.1
rel/release-2.0.2
rel/release-2.0.3
rel/release-2.0.4
rel/release-2.1.0
rel/release-2.1.1
v1.*
v1.8.0
v1.8.0-rc0
v1.8.1
v1.8.1-rc0
v1.8.2
v1.8.2-rc0
v1.8.3
v1.8.3-rc0
v1.8.4
v1.8.4-rc0
v1.8.5
v1.8.5-rc0
v1.8.6
v1.8.6-rc0
v1.8.7
v1.8.7-rc0
v1.8.8
v1.8.8-rc0
v1.9.0
v1.9.0-rc0
v1.9.1
v1.9.1-rc0
v1.9.2
v1.9.2-rc0
v1.9.3
v1.9.3-rc0
v1.9.4
v1.9.4-rc0
v1.9.5
v1.9.5-rc0
v2.*
v2.0.0
v2.0.0-rc0
v2.0.1
v2.0.1-rc0
v2.0.2
v2.0.2-rc0
v2.0.3
v2.0.3-rc0
v2.0.4
v2.0.4-rc0
v2.1.0
v2.1.0-rc0
v2.1.1
v2.1.1-rc0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47436.json"