{"id":"CVE-2023-37188","details":"C-blosc2 before 2.9.3 was discovered to contain a NULL pointer dereference via the function zfp_rate_decompress at zfp/blosc2-zfp.c.","modified":"2026-05-01T04:20:07.878330Z","published":"2023-12-25T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37188.json"},"references":[{"type":"WEB","url":"https://github.com/Blosc/c-blosc2/compare/v2.9.2...v2.9.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/37xxx/CVE-2023-37188.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37188"},{"type":"REPORT","url":"https://github.com/Blosc/c-blosc2/issues/521"},{"type":"FIX","url":"https://github.com/Blosc/c-blosc2/commit/425e8a9a59d49378d57e2116b6c9b0190a5986f5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/blosc/c-blosc2","events":[{"introduced":"0"},{"fixed":"48e7cdf4a901ee11461548474f5581671e3a72f5"}]}],"versions":["v2.0.0","v2.0.0-beta.1","v2.0.0-beta.3","v2.0.0-beta.4","v2.0.0-rc2","v2.0.0.beta.5","v2.0.0.rc1","v2.0.0a2","v2.0.0a3","v2.0.0a4","v2.0.0a5","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.1","v2.2.0","v2.3.0","v2.3.1","v2.4.0","v2.4.1","v2.4.2","v2.4.3","v2.5.0","v2.6.0","v2.6.1","v2.7.0","v2.7.1","v2.8.0","v2.9.0","v2.9.1","v2.9.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37188.json"}}],"schema_version":"1.7.5"}