Description
blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/Blosc/c-blosc2/commit/c4c6470e88210afc95262c8b9fcc27e30ca043ee
Mailing List, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26442
Scores
CVSS v3
7.8
EPSS
0.0118
EPSS Percentile
63.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
blosc/c-blosc2
2.0.0 alpha2 (9 CPE variants)
pypi/blosc2
0 - 0.1.7PyPI
Published
Nov 27, 2020
Tracked Since
Feb 18, 2026