CVE-2025-47436 | Apache ORC up to 1.8.8/1.9.5/2.0.4/2.1.1 C++ LZO Decompression heap-based overflow

Inserito da Angelo Barbosa | Mag 13, 2025 | CVE

A vulnerability was found in Apache ORC up to 1.8.8/1.9.5/2.0.4/2.1.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component C++ LZO Decompression. The manipulation leads to heap-based buffer overflow.

This vulnerability is known as CVE-2025-47436. Access to the local network is required for this attack. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-47436 | Apache ORC up to 1.8.8/1.9.5/2.0.4/2.1.1 C++ LZO Decompression heap-based overflow

Post correlati

CVE-2024-23380 | Qualcomm Snapdragon up to WSA8845H User Packet use after free

CVE-2024-41035 | Linux Kernel up to 6.9.9 USB config.c endpoint_is_duplicate bEndpointAddress Privilege Escalation

CVE-2024-26190 | Microsoft Windows 11 21H2/11 22H2/11 23H2 QUIC denial of service

CVE-2024-6772 | Google Chrome up to 126.0.6478.126 V8 out-of-bounds (ID 346597)