rpm package
almalinux/orc-devel
pkg:rpm/almalinux/orc-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-40897 | — |  |  | < 0.4.28-4.el8_10 | 0.4.28-4.el8_10 | Jul 26, 2024 | Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to c |
| CVE-2018-7263 | Cri | 9.8 |  | < 0.4.28-3.el8 | 0.4.28-3.el8 | Feb 20, 2018 | The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. |