Stack-based buffer overflow vulnerability exists in orcparse.c of ORC
versions prior to 0.4.39. If a developer is tricked to process a specially
crafted file with the affected ORC compiler, an arbitrary code may be
executed on the developer’s build environment. This may lead to compromise
of developer machines or CI build environments.
Author | Note |
---|---|
rodrigo-zaiden | from the security advisory: This only affects developers and CI environments using orcc, not users of liborc. |
github.com/GStreamer/orc
gstreamer.freedesktop.org/modules/orc.html
gstreamer.freedesktop.org/security/sa-2024-0003.html
jvn.jp/en/jp/JVN02030803/
launchpad.net/bugs/cve/CVE-2024-40897
nvd.nist.gov/vuln/detail/CVE-2024-40897
security-tracker.debian.org/tracker/CVE-2024-40897
www.cve.org/CVERecord?id=CVE-2024-40897