5 matches found
CVE-2024-41178
Apache Arrow Rust Object Store (object_store crate)
CVE-2024-52338
CVE-2024-52338 affects the Apache Arrow R package (versions 4.0.0–16.1.0). Deserialization of untrusted IPC/Parquet data allows arbitrary code execution. Affected users reading Arrow IPC, Feather, or Parquet data from untrusted sources are vulnerable. Upgrade to 17.0.0 or later to fix the issue. ...
CVE-2019-12410
CVE-2019-12410 affects Apache Arrow 0.12.0–0.14.1, where memory for Arrow Arrays could be left uninitialized when reading RLE null data from Parquet. This impacts C++, Python, Ruby, and R implementations and could lead to leaking uninitialized memory if data is transmitted (e.g., Flight) or persi...
CVE-2019-12408
CVE-2019-12408 affects the C++ implementation of Apache Arrow (used by R, Python, and Ruby bindings) in versions 0.14.0–0.14.1. A memory bug occurs when building arrays with null values, causing uninitialized memory to potentially be shared when Arrow Arrays are transmitted (e.g., via Flight) or ...
CVE-2026-25087
CVE-2026-25087 (Apache Arrow C++) details : A use-after-free vulnerability affects Arrow C++ 15.0.0–23.0.0. It can be triggered when reading an Arrow IPC file (not an IPC stream) with pre-buffering enabled, if the IPC file contains variadic buffers (e.g., Binary View and String View data). Depend...