20 matches found
MiracleLinux 8 : orc-0.4.28-4.el8_10 (AXSA:2024-8673:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8673:01 advisory. orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897). Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : orc-0.4.31-7.el9_4 (AXSA:2024-8781:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8781:02 advisory. orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897). Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2022-4611
Malicious code in bioql PyPI...
TencentOS Server 4: orc (TSSA-2024:0290)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0290 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-47436 Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. It causes memory...
CVE-2025-47436
Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempt to copy 295 bytes into it. It causes memory...
GLSA-202505-05 : Orc: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202505-05 (Orc: Arbitrary Code Execution). Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory. Note that Nessus has no...
RLSA-2024:5306 Moderate: orc security update
Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic...
Amazon Linux 2 : orc (ALAS-2025-2727)
The version of orc installed on the remote host is prior to 0.4.26-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2727 advisory. Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a...
Medium: orc
Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. CVE-2024-40897...
Medium: orc
Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. CVE-2024-40897...
Medium: orc
Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. CVE-2024-40897...
USN-6964-2: ORC vulnerability
USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execut...
Ubuntu 16.04 LTS / 18.04 LTS : ORC vulnerability (USN-6964-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6964-2 advisory. USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Tenable has extract...
orc: Stack-based buffer overflow vulnerability in ORC
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
USN-6964-1 orc vulnerability
Noriko Totsuka discovered that ORC incorrectly handled certain crafted files. An attacker could possibly use this issue to execute arbitrary code...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : ORC vulnerability (USN-6964-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6964-1 advisory. Noriko Totsuka discovered that ORC incorrectly handled certain crafted files. An attacker could possibly use this issue to execute arbitrar...
orc: Stack-based buffer overflow vulnerability in ORC
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI buil...
ORC vulnerable to stack-based buffer overflow
Overview: ORC provided by GStreamer is typically used when developing GStreamer plugins. A stack-based buffer overflow vulnerability (CWE-121) exists in orcparse.c of ORC. Yuhei Kawakoya of NTT Security Holdings reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Apache ORC Denial of Service Vulnerability
Apache ORC is a columnar storage system from the Apache Software Foundation (United States) that supports data compression, ACID operations and indexing capabilities. A security vulnerability exists in Apache ORC versions 1.0.0 through 1.4.3. An attacker can exploit the vulnerability by means ...