CVE-2023-37185

Name of the Vulnerable Software and Affected Versions C-blosc2 versions prior to 2.9.3

Description The issue is related to a NULL pointer dereference in the function zfp prec decompress at zfp/blosc2-zfp.c. This indicates a problem where the code attempts to access memory through a pointer that has not been initialized, leading to potential crashes or other unexpected behavior.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider disabling the zfp prec decompress function until a patch is available.