A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Affected is the function
ndlz8_decompress
of the file /src/c-blosc2/plugins/codecs/ndlz/ndlz8x8.c. The manipulation leads to heap-based buffer overflow.
This vulnerability is traded as CVE-2024-3203. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.