CVE-2023-37187

Name of the Vulnerable Software and Affected Versions C-blosc2 versions prior to 2.9.3

Description The issue is related to a NULL pointer dereference in the zfp acc decompress function, located in the zfp/blosc2-zfp.c file. This indicates a problem where the software attempts to access memory through a null, or non-existent, pointer, which can lead to crashes or potentially allow an attacker to execute arbitrary code.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the zfp acc decompress function until a patch is applied.