VYPR

ORC

by Apache

CVEs (2)

  • CVE-2025-47436May 14, 2025
    risk 0.00cvss epss 0.00

    Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it.…

  • CVE-2024-40897Jul 26, 2024
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to…