oss-fuzz

Add Apache ORC project

Open jsnv-dev opened this issue 5 months ago • 2 comments

Apache ORC provides both C++ and Java libraries for reading and writing ORC files, which are widely used by major data processing frameworks. Also, ORC-based formats are increasingly used to store AI training datasets at large scale.

Motivation

This integration follows the recent discovery of CVE-2025-47436, a heap buffer overflow vulnerability in the C++ LZO decompressor affecting Apache ORC versions. The vulnerability occurs when specially crafted malformed ORC files can result in memory corruption.

Continuous fuzzing through OSS-Fuzz will help identify similar input validation vulnerabilities earlier and improve the robustness of the ORC file parser.

Project Details

  • Language: C++
  • Repository: https://github.com/apache/orc
  • Homepage: https://orc.apache.org/
  • Integration Approval: https://github.com/apache/orc/issues/2431

This initial PR includes only the project.yaml configuration. The build infrastructure will be added in a follow-up PR after your approval.

jsnv-dev Oct 02 '25 08:10

jsnv-dev is integrating a new project:
- Main repo: https://github.com/apache/orc
- Criticality score: 0.57426

github-actions[bot] Oct 02 '25 08:10

Hi all,

Just wanted to follow up on this PR and see if there's any feedback or if there's anything I can do to help move this forward. Happy to make any changes needed or provide additional information.

jsnv-dev Oct 15 '25 12:10