Search for packages
| purl | pkg:pypi/pyarrow@0.12.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-n25g-xj5f-tyfj
Aliases: CVE-2019-12410 GHSA-cjw4-2w9r-r8mv PYSEC-2019-196 |
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-13T09:00:05.434818+00:00 | GHSA Importer | Affected by | VCID-n25g-xj5f-tyfj | https://github.com/advisories/GHSA-cjw4-2w9r-r8mv | 38.6.0 |
| 2026-06-12T18:19:58.665689+00:00 | GitLab Importer | Affected by | VCID-n25g-xj5f-tyfj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyarrow/CVE-2019-12410.yml | 38.6.0 |
| 2026-06-12T04:03:00.109735+00:00 | Pypa Importer | Affected by | VCID-n25g-xj5f-tyfj | https://github.com/pypa/advisory-database/blob/main/vulns/pyarrow/PYSEC-2019-196.yaml | 38.6.0 |
| 2026-06-11T20:44:49.134408+00:00 | PyPI Importer | Affected by | VCID-n25g-xj5f-tyfj | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 38.6.0 |