2024-09-18
ALT-BU-2024-12897-1
Branch c10f2 update bulletin.
Closed vulnerabilities
Published: 2024-07-26
BDU:2024-06669
A vulnerability in the orcparse.c file of GStreamer ORC, a library for compiling and executing programs that operate on arrays of data, caused by an operation going out of the bounds of a memory buffer, which allows an attacker to cause a denial of service
Severity: HIGH (7.3)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: 2024-07-26
Modified: 2024-11-21
CVE-2024-40897
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Severity: MEDIUM (6.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2024/07/26/1
- https://github.com/GStreamer/orc
- https://gstreamer.freedesktop.org/modules/orc.html
- https://jvn.jp/en/jp/JVN02030803/