0.001 Low
EPSS
Percentile
30.9%
Apache OCR is vulnerable to denial of service (DoS). A flaw in the JAVA or C++ OCR file parser can cause an infinite recursive loop that triggers a stack overflow if a malicious OCR file is being parsed.
github.com/apache/orc/blob/fe7e280a6e97e2d82c3e602a4f28f917d9413a39/site/_data/releases.yml
github.com/apache/orc/commit/d5018d309a8adc6b8e0567cb692a17371d16e108
orc.apache.org/security/CVE-2018-8015/