CVE-2024-3203 | c-blosc2 up to 2.13.2 ndlz8x8.c ndlz8_decompress heap-based overflow

CVE-2024-3203 | c-blosc2 up to 2.13.2 ndlz8x8.c ndlz8_decompress heap-based overflow

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function ndlz8_decompress of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-3203. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.