{"id":"CVE-2023-37188","details":"C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.","modified":"2026-04-12T05:13:26.536848Z","published":"2023-12-25T07:15:09.347Z","references":[{"type":"ADVISORY","url":"https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3"},{"type":"FIX","url":"https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"},{"type":"FIX","url":"https://github.com/Blosc/c-blosc2/issues/521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blosc/c-blosc2","events":[{"introduced":"0"},{"fixed":"48e7cdf4a901ee11461548474f5581671e3a72f5"},{"fixed":"425e8a9a59d49378d57e2116b6c9b0190a5986f5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.9.3"}]}}],"versions":["v2.0.0","v2.0.0-beta.1","v2.0.0-beta.3","v2.0.0-beta.4","v2.0.0-rc2","v2.0.0.beta.5","v2.0.0.rc1","v2.0.0a2","v2.0.0a3","v2.0.0a4","v2.0.0a5","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.1","v2.2.0","v2.3.0","v2.3.1","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.6.0","v2.6.1","v2.7.0","v2.7.1","v2.8.0","v2.9.0","v2.9.1","v2.9.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37188.json","vanir_signatures":[{"signature_type":"Function","target":{"function":"zfp_acc_decompress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-243262aa","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"94127332930328714979693753838572680684","length":2092}},{"signature_type":"Function","target":{"function":"zfp_rate_decompress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-4f2d316c","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"84999816630490408576061315651453273397","length":2126}},{"signature_type":"Line","target":{"file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-5aea0ff0","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"line_hashes":["161527728979400029412440444892036809933","21137111373737748289023170854430580492","140013078349516273885791395039023446130","214791312930363697288435407393345526869","30279173499786461662774045591952334647","17059637026080409842366646942312157571","289805975329791131923105996838758108189","17317268047504292008235798067686073659","161527728979400029412440444892036809933","147684375185758393188901203572542378077","69813893332901692759865926115812557276","307567409048620837880448517465486490573","30279173499786461662774045591952334647","17059637026080409842366646942312157571","289805975329791131923105996838758108189","17317268047504292008235798067686073659","161527728979400029412440444892036809933","301784655629111742594683156765617453306","223991770995064550130844361093166911378","50378428659861916935466505186264407059","30279173499786461662774045591952334647","17059637026080409842366646942312157571","289805975329791131923105996838758108189","17317268047504292008235798067686073659"],"threshold":0.9}},{"signature_type":"Function","target":{"function":"zfp_rate_compress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-5e3a8272","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"213766312587182360207495961885289091047","length":3060}},{"signature_type":"Function","target":{"function":"zfp_prec_compress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-ec4f3bbf","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"33668023146656601829651730774272162036","length":3082}},{"signature_type":"Function","target":{"function":"zfp_acc_compress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-fde65889","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"155714164167155645323941631240721333322","length":2701}},{"signature_type":"Function","target":{"function":"zfp_prec_decompress","file":"plugins/codecs/zfp/blosc2-zfp.c"},"deprecated":false,"signature_version":"v1","id":"CVE-2023-37188-ff2f781f","source":"https://github.com/blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5","digest":{"function_hash":"292854444698699780685408884530219144817","length":2473}}],"vanir_signatures_modified":"2026-04-12T05:13:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}