← Back

CVE-2024-40897

nvd nist
Published: Jul 26, 2024Modified: Nov 21, 2024

JSON object

Loading...
6.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD

Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Affected (1)

Products: Gstreamer: Orc
Gstreamer
1 product
Orc
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Orc
Before 0.4.39

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Product
Source: vultures@jpcert.or.jp
Product
Source: vultures@jpcert.or.jp
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.