7 matches found
CVE-2020-29367
CVE-2020-29367 affects Blosc C-Blosc2 (Blosc devel up to version 2.0.0.beta.5). A heap-based buffer overflow occurs when there is insufficient space to write compressed data, potentially impacting programs that rely on Blosc for compression. The vulnerability is described with a high impact on co...
CVE-2024-3203
The CVE-2024-3203 issue affects c-blosc2 up to 2.13.2, where the ndlz8_decompress function in /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c enables a heap-based buffer overflow that can be triggered remotely. Upgrading to version 2.14.3 addresses the vulnerability. The exploitation details are desc...
CVE-2024-3204
CVE-2024-3204 affects c-blosc2 up to version 2.13.2. The vulnerability is a heap-based buffer overflow in the function ndlz4_decompress (ndlz4x4.c), exploitable remotely. Upgrading to version 2.14.3 is the recommended mitigation. If exploitation details or in-wild activity are disclosed in the so...
CVE-2023-37185
Vulnerability summary: CVE-2023-37185 affects Blosc C-Blosc2 prior to 2.9.3, due to a NULL pointer dereference in the function zfp_prec_decompress (zfp/blosc2-zfp.c). The issue is triggered in zfp_prec_decompress and may lead to crashes or memory access problems. Affected software: c-blosc2 up to...
CVE-2023-37187
CVE-2023-37187 affects c-blosc2 before 2.9.3. The root cause is a NULL pointer dereference in zfp_acc_decompress (zfp/blosc2-zfp.c). This can cause crashes (potential availability impact) and is documented across NVD/Red Hat/CVE records. Remediation: upgrade to version 2.9.3 or later; as a tempor...
CVE-2023-37186
CVE-2023-37186 affects C-Blosc2, specifically versions prior to 2.9.3. The issue is a NULL pointer dereference in ndlz/ndlz8x8.c triggered by a NULL pointer passed to memset. This vulnerability can lead to a crash or denial of service, with CVSS 3.1 base score 7.5 (HIGH). The connected documents ...
CVE-2023-37188
CVE-2023-37188 affects Blosc2 prior to 2.9.3. The vulnerability is a NULL pointer dereference in zfp_rate_decompress within zfp/blosc2-zfp.c. Public sources consistently describe the flaw as a crash-inducing null dereference; no exploitation details are provided in the supplied documents. Impact ...