CVE-2018-8015

CVE-2018-8015 affects Apache ORC parsers (versions 1.0.0 to 1.4.3). A malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser, most likely causing a denial of service. With the C++ parser, the stack overflow may potentially corrupt the stack. The connected do...

CVE-2025-47436

CVE-2025-47436 (Apache ORC) : A heap-based buffer overflow found in the ORC C++ LZO decompression logic. Malformed ORC files can cause the decompressor to allocate a 250-byte buffer but copy 295 bytes, causing memory corruption. Affected versions (as documented): 1.8.0–1.8.8; 1.9.0–1.9.5; 2.0.0–2...