{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T05:48:18.860","vulnerabilities":[{"cve":{"id":"CVE-2024-40897","sourceIdentifier":"vultures@jpcert.or.jp","published":"2024-07-26T06:15:02.290","lastModified":"2024-11-21T09:31:48.450","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments."},{"lang":"es","value":"Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en orcparse.c de versiones de ORC anteriores a la 0.4.39. Si se engaña a un desarrollador para que procese un archivo especialmente manipulado con el compilador ORC afectado, se puede ejecutar un código arbitrario en el entorno de compilación del desarrollador. Esto puede poner en peligro las máquinas de desarrollo o los entornos de compilación de CI."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:orc:*:*:*:*:*:*:*:*","versionEndExcluding":"0.4.39","matchCriteriaId":"225518F5-6BD6-4014-ACE0-6A2B50088872"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2024/07/26/1","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"https://github.com/GStreamer/orc","source":"vultures@jpcert.or.jp","tags":["Product"]},{"url":"https://gstreamer.freedesktop.org/modules/orc.html","source":"vultures@jpcert.or.jp","tags":["Product"]},{"url":"https://jvn.jp/en/jp/JVN02030803/","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/26/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/GStreamer/orc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://gstreamer.freedesktop.org/modules/orc.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://jvn.jp/en/jp/JVN02030803/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}