CVE-2026-25087

Name of the Vulnerable Software and Affected Versions Apache Arrow C++ versions 15.0.0 through 23.0.0

Description A use-after-free issue exists in Apache Arrow C++ when reading an Arrow IPC file with pre-buffering enabled, if the file contains data with variadic buffers like Binary View and String View data. This can lead to a write to a dangling pointer, potentially causing random crashes or memory corruption. If the application ingests IPC files from untrusted sources, this could be exploited for denial of service. The pre-buffering feature is disabled by default but can be enabled using the RecordBatchFileReader::PreBufferMetadata API call. Language bindings like Python, Ruby, and C GLib are not vulnerable as the functionality is not exposed through them.

Recommendations For versions 15.0.0 through 23.0.0, check if pre-buffering is enabled on the IPC file reader using RecordBatchFileReader::PreBufferMetadata. If it is enabled, either disable pre-buffering or upgrade to version 23.0.1.