CVE-2023-29419

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-29419

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29419.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-29419

Downstream

DEBIAN-CVE-2023-29419

UBUNTU-CVE-2023-29419

Published

2023-04-06T05:15:07.577Z

Modified

2026-04-12T03:51:12.460408Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3decodeblock out-of-bounds read.

References

Affected packages

Git / github.com/iczelia/bzip3

Affected ranges

Type: GIT
Repo: https://github.com/iczelia/bzip3
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602

Type

GIT

Repo

https://github.com/kspalaiologos/bzip3

Events

Introduced

Fixed

3bf1483853b7d3371b4a6beb186cbddcaf45d25e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.3"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.2.0

1.2.1

1.2.2

Other

corpus

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "67536587963852534350798469070520861060",
                "10461730307897636711338022267536487947",
                "112630467580057572610246312760335876954",
                "66715998431264952208770620016622750426",
                "114045861584765101919162751360127532581",
                "120629721059557797745167933144740452364",
                "324928415273960548674085506927253832284",
                "4741903368647651427051414113103732509",
                "25847635349640900602038803520072164743",
                "178653668005486386421535114118911591431",
                "123973226226046142208301667499274450285",
                "302153721302900223192188484787414620657",
                "259616758639477605327895695511330203518",
                "151275341601945689158491886782305273846",
                "104531504064034289270711371736703291850",
                "212259019686407281120789379065129485158",
                "272082424906555360711046362846705259893",
                "182536815242807692201387140130247132327",
                "248116589378469723006393554411811538215",
                "95848176613044269608131250507611907231",
                "93231009806851677559769170204829509513",
                "77424311426386695608916856587457745642",
                "246741431692479889899098740246620820384",
                "161006062434449641774524198812503212511",
                "8804305666373690271636591874951462047",
                "224757496006165088352465568247830732434"
            ]
        },
        "id": "CVE-2023-29419-5f40cb2b",
        "signature_type": "Line",
        "source": "https://github.com/iczelia/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602",
        "deprecated": false,
        "target": {
            "file": "src/libbz3.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "function_hash": "231621189892871203030978985221946047935",
            "length": 2346.0
        },
        "id": "CVE-2023-29419-fed773cc",
        "signature_type": "Function",
        "source": "https://github.com/iczelia/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602",
        "deprecated": false,
        "target": {
            "function": "bz3_decode_block",
            "file": "src/libbz3.c"
        },
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29419.json"

vanir_signatures_modified

"2026-04-12T03:51:12Z"