CVE-2024-41178
Apache Arrow Rust Object Store (object_store crate)
CVE-2024-52338
CVE-2024-52338 affects the Apache Arrow R package (versions 4.0.0–16.1.0). Deserialization of untrusted IPC/Parquet data allows arbitrary code execution. Affected users reading Arrow IPC, Feather, or Parquet data from untrusted sources are vulnerable. Upgrade to 17.0.0 or later to fix the issue. ...
CVE-2019-12410
CVE-2019-12410 affects Apache Arrow 0.12.0–0.14.1, where memory for Arrow Arrays could be left uninitialized when reading RLE null data from Parquet. This impacts C++, Python, Ruby, and R implementations and could lead to leaking uninitialized memory if data is transmitted (e.g., Flight) or persi...
CVE-2019-12408
CVE-2019-12408 affects the C++ implementation of Apache Arrow (used by R, Python, and Ruby bindings) in versions 0.14.0–0.14.1. A memory bug occurs when building arrays with null values, causing uninitialized memory to potentially be shared when Arrow Arrays are transmitted (e.g., via Flight) or ...
CVE-2026-25087
CVE-2026-25087 concerns Apache Arrow C++ (versions 15.0.0–23.0.0), where a use-after-free can occur when reading an IPC file with pre-buffering enabled and IPC data containing variadic buffers (e.g., Binary/String Views). The vulnerability arises from writes to a dangling pointer in a multi-threaded IO s...