1 results (0.001 seconds)
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-47436 – Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression
https://notcve.org/view.php?id=CVE-2025-47436
14 May 2025 — Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and ... • https://lists.apache.org/thread/kd6tlv8fs5jybmsgxr4vrkdxyc866wrn • CWE-122: Heap-based Buffer Overflow •