CVE-2024-40897 - Out-of-bounds Write vulnerability in GStreamer ORC
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: LOW
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/07/26/1
- https://github.com/GStreamer/orc
- https://gstreamer.freedesktop.org/modules/orc.html
- https://jvn.jp/en/jp/JVN02030803/