REDHAT-BUG-2366317: High severity pointcloudlibrary vulnerability
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.
Since version 1.14.0, PCL uses the zlib installation from the system by default, unless the user sets WITH_SYSTEM_ZLIB=FALSE. This potential vulnerability is therefore only relevant if the PCL version is older than 1.14.0 or the user explicitly requests not to use the system zlib.
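One way to check a given build against the two conditions above, as an added example that is not part of the advisory or of PCL. It assumes the CMake option is spelled WITH_SYSTEM_ZLIB, that the PCL version is passed in by the caller, and that the build directory's CMakeCache.txt is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a PCL build by which zlib it compiles against,
# using the two conditions stated in the advisory text.

# version_lt A B: succeeds when dotted version A is strictly older than B.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# cache_value FILE KEY: prints VALUE from a "KEY:TYPE=VALUE" CMakeCache.txt entry.
cache_value() {
  sed -n "s/^$2:[A-Z]*=//p" "$1" | head -n 1
}

# cmake_is_false VALUE: succeeds for the constants CMake evaluates as false.
cmake_is_false() {
  case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
    ''|0|OFF|NO|N|FALSE|IGNORE|NOTFOUND|*-NOTFOUND) return 0 ;;
    *) return 1 ;;
  esac
}

# pcl_zlib_source VERSION [CMAKECACHE]: prints "bundled" or "system".
pcl_zlib_source() {
  if version_lt "$1" 1.14.0; then
    echo bundled            # releases before 1.14.0 use the bundled copy
  elif [ -r "${2:-}" ] && grep -q '^WITH_SYSTEM_ZLIB:' "$2" &&
       cmake_is_false "$(cache_value "$2" WITH_SYSTEM_ZLIB)"; then
    echo bundled            # system zlib explicitly switched off
  else
    echo system             # default from 1.14.0 onward
  fi
}

# Demo on a constructed cache file (not taken from a real build).
demo_cache=$(mktemp)
printf '%s\n' 'CMAKE_BUILD_TYPE:STRING=Release' 'WITH_SYSTEM_ZLIB:BOOL=FALSE' > "$demo_cache"
echo "PCL 1.13.1, no cache:      $(pcl_zlib_source 1.13.1)"
echo "PCL 1.14.1, opt-out cache: $(pcl_zlib_source 1.14.1 "$demo_cache")"
rm -f "$demo_cache"
```

A result of "bundled" means the build matches the condition described above and should be rebuilt against a fixed zlib or upgraded.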
Frequently Asked Questions
What is the severity of REDHAT-BUG-2366317?
The severity of REDHAT-BUG-2366317 is currently assessed as critical due to the potential for undefined behavior from improper pointer arithmetic.
How do I fix REDHAT-BUG-2366317?
To fix REDHAT-BUG-2366317, you should update to the latest version of the PointCloudLibrary or zlib that addresses this vulnerability.
Which versions are affected by REDHAT-BUG-2366317?
REDHAT-BUG-2366317 affects PointCloudLibrary versions prior to 1.14.0 and zlib versions up to and including 1.14.0.
What components are impacted by REDHAT-BUG-2366317?
REDHAT-BUG-2366317 impacts the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary.
Who can exploit REDHAT-BUG-2366317?
Context-dependent attackers can exploit REDHAT-BUG-2366317 to cause undefined behavior due to improper pointer arithmetic.