CVE-2024-40897 Vulnerability Details

  /     /     /  

CVE-2024-40897 Metadata Quick Info

CVE Published: 26/07/2024 | CVE Updated: 02/08/2024 | CVE Year: 2024
Source: jpcert | Vendor: GStreamer | Product: ORC
Status : PUBLISHED

---

CVE-2024-40897 Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer\'s build environment. This may lead to compromise of developer machines or CI build environments.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Stack-based buffer overflow
Source: GStreamer

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).