CVE-2024-40897

HIGH Year: 2024
CVSS v3 Score
7.0
High
Weakness Type
CWE-787
View all →

Vulnerability Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Related Vulnerabilities

CVE-2016-8617

HIGH
CVSS:7.0(High)

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.

CWE-7872016

CVE-2017-0325

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the NVIDIA I2C HID driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-0332

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High b...

CWE-7872017

CVE-2017-0453

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-0608

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-7872017

CVE-2017-16551

HIGH
CVSS:7.0(High)

K7 Antivirus Premium before 15.1.0.53 allows local users to gain privileges by sending a specific IOCTL after setting the memory in a particular way.

CWE-7872017