PT-2023-22245 · Bzip3+1 · Bzip3+1

Asarubboo · Published 2023-04-06 · Updated 2024-08-02 · CVE-2023-29417

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

bzip3 version 1.2.2

Description

An issue was discovered in libbzip3.a where there is a bz3_decompress out-of-bounds read in certain situations. This occurs when buffers passed to bzip3 do not contain enough space to be filled with decompressed data. The vendor's perspective is that the observed behavior can only occur for a contract violation.

Recommendations

For bzip3 version 1.2.2, consider implementing checks to ensure that buffers passed to bzip3 have enough space to be filled with decompressed data, to prevent out-of-bounds reads. As a temporary workaround, consider adding error handling for situations where the decompressed data exceeds the buffer size.

Exploit

Fix

Out-of-bounds Read


Weakness Enumeration

Related identifiers

CVE-2023-29417

Affected products

Debian
Bzip3