| CVE-2026-25087 |
unknown |
— |
— |
|
|
|
4mo ago |
Use After Free vulnerability in Apache Arrow C++.
This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-… |
| CVE-2024-52338 |
unknown |
— |
— |
|
|
|
2y ago |
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it
reads Arr… |
| CVE-2023-47248 |
unknown |
— |
— |
|
|
|
3y ago |
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parqu… |
| CVE-2019-12408 |
unknown |
— |
— |
|
|
|
4y ago |
It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null v… |
| CVE-2019-12410 |
unknown |
— |
— |
|
|
|
4y ago |
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data… |
