How severe is CVE-2025-47436?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-47436?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2025-47436

MEDIUM Year: 2025

Weakness Type

CWE-122

View all →

Vulnerability Description

Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.

CVE-2021-21940

CRITICAL

CVSS:10.0(Critical)

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflo...

CWE-1222021

CVE-2021-25387

CRITICAL

CVSS:10.0(Critical)

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

CWE-1222021

CVE-2021-40426

CRITICAL

CVSS:10.0(Critical)

A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buf...

CWE-1222021

CVE-2022-34819

CRITICAL

CVSS:10.0(Critical)

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 L...

CWE-1222022

CVE-2025-23123

CRITICAL

CVSS:10.0(Critical)

A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and...

CWE-1222025

CVE-2016-9603

CRITICAL

CVSS:9.9(Critical)

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a V...

CWE-1222016

CVE-2025-47436

Vulnerability Description

Related Vulnerabilities

CVE-2021-21940

CVE-2021-25387

CVE-2021-40426

CVE-2022-34819

CVE-2025-23123

CVE-2016-9603