In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. The impact of this bug is most likely denial-of-service against software that uses the ORC file parser. With the C++ parser, the stack overflow might possibly corrupt the stack.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.orc:orc(Maven) | 1.0.0 | 1.4.4 | N/A |
CVSS Metrics
