CVE-2023-29824
Description
A use-after-free bug in Py_FindObjects() in SciPy before 1.8.0 was reported via static analysis but is not considered a security issue by the vendor.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2023-29824 describes a use-after-free issue identified in the Py_FindObjects() function in SciPy versions prior to 1.8.0 [1]. The bug was discovered through static analysis, not through a practical exploit scenario. The condition occurs when memory allocation fails: after PyList_New() returns NULL, the code path can lead to a double decrement of a reference, resulting in a use-after-free condition [3][4].
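The double decrement described above can be reproduced in a small model. This is an added example, not SciPy's code: the toy `Obj` type, `find_objects_model`, and the location of the first release are assumptions, and only the shape of the exit block follows the patch listed on this page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted object standing in for a PyObject (constructed model). */
typedef struct { int refcnt; int freed; } Obj;

static int bad_decrefs;  /* decrements that hit an already-released object */

static Obj *obj_new(void) {
    Obj *o = calloc(1, sizeof *o);
    if (o) o->refcnt = 1;
    return o;
}

/* Models Py_XDECREF: NULL is ignored. Release only marks the object, so a
   second decrement is counted instead of touching freed memory. */
static void obj_xdecref(Obj *o) {
    if (!o) return;
    if (o->freed) { bad_decrefs++; return; }
    if (--o->refcnt == 0) o->freed = 1;
}

enum shape { PRE_PATCH, POST_PATCH, CLEARED };

/* Returns the number of invalid decrements on one call.
   fail != 0 simulates an allocation failure while result is live. */
static int find_objects_model(int fail, enum shape s) {
    Obj *result = obj_new(), *storage = result;
    bad_decrefs = 0;
    if (!result) return -1;
    if (fail) {
        obj_xdecref(result);              /* first release (assumed location) */
        if (s == CLEARED) result = NULL;  /* Py_CLEAR-style: drop the pointer */
    }
    /* exit block, shaped like the one in the diff */
    if (fail) {
        if (s != POST_PATCH) obj_xdecref(result);  /* the removed line */
    }
    free(storage);  /* model bookkeeping only */
    return bad_decrefs;
}

int main(void) {
    printf("pre-patch:  %d\n", find_objects_model(1, PRE_PATCH));
    printf("post-patch: %d\n", find_objects_model(1, POST_PATCH));
    printf("cleared:    %d\n", find_objects_model(1, CLEARED));
    printf("success:    %d\n", find_objects_model(0, PRE_PATCH));
    return 0;
}
```

The `CLEARED` variant shows a second way to make the error path safe: once the pointer is set to NULL after the first release, a later `Py_XDECREF`-style call on it is a no-op.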
Exploitation Context
Exploitation would require triggering a memory allocation failure at a specific point in Py_FindObjects(), followed by the error handling path that causes the double free [3][4]. The discoverer's analysis indicates no proof-of-concept was developed, and the issue was manually reviewed to confirm the path exists but without a reproducer [3][4].
Impact and Status
The impact is limited: an attacker would need to control the environment to cause memory exhaustion and then trigger this code path. The vendor and discoverer explicitly state that this is not a security issue [1]. The fix was committed in SciPy commit e32fc23, which is included in SciPy version 1.8.0 and later [2]. Users running older versions should upgrade to 1.8.0 or newer to eliminate this bug.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| scipy (PyPI) | < 1.8.0 | 1.8.0 |
Affected products
- SciPy/SciPy (source: description)
- ghsa-coords (12 versions):
  - pkg:pypi/scipy
  - pkg:rpm/opensuse/python-scipy_1_2_0-gnu-hpc&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/python-scipy_1_2_0-gnu-hpc&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/python-scipy_1_3_3-gnu-hpc&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/python-scipy_1_3_3-gnu-hpc&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/opensuse/python-scipy&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/python-scipy&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/suse/python-scipy_1_3_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP4
  - pkg:rpm/suse/python-scipy_1_3_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5
  - pkg:rpm/suse/python-scipy_1_3_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
  - pkg:rpm/suse/python-scipy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4
  - pkg:rpm/suse/python-scipy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
- (no CPE) range: < 1.8.0
- (no CPE) range: < 1.2.0-150100.4.6.1
- (no CPE) range: < 1.2.0-150100.4.6.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.2.0-150100.4.6.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
- (no CPE) range: < 1.3.3-150200.5.3.1
Patches
e32fc2329d3d MAINT: Fix use-after-free in Py_FindObjects (#15013)
1 file changed · +0 −1
scipy/ndimage/src/nd_image.c+0 −1 modified@@ -928,7 +928,6 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args) Py_XDECREF(slc); free(regions); if (PyErr_Occurred()) { - Py_XDECREF(result); return NULL; } else { return result;
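Review bot: In the `if (PyErr_Occurred())` branch, `return NULL;` now relies on `result` having already been released earlier in the function, and nothing in this hunk shows or documents that. Please confirm that every path reaching this branch has dropped its reference to `result` exactly once; if any path sets an error while `result` is still owned, the double decrement becomes a leak instead. A one-line comment above `return NULL;` stating where `result` is released would keep the extra `Py_XDECREF(result);` from being reintroduced later. Using `Py_CLEAR(result)` at the earlier release site would also make any stray decrement in this exit block harmless.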
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-jrfm-2h82-xg28 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-29824 (ghsa, ADVISORY)
- www.square16.org/achievement/cve-2023-29824 (ghsa, WEB)
- github.com/scipy/scipy/commit/e32fc2329d3dd23298725153c5b2cc7fcd0f14f1 (ghsa, WEB)
- github.com/scipy/scipy/issues/14713 (ghsa, WEB)
- github.com/scipy/scipy/pull/15013 (ghsa, WEB)
- www.square16.org/achievement/cve-2023-29824/ (mitre)