Skip to content

Fix: Potential Vulnerability in Cloned zlib-Function#6245

Merged
mvieth merged 1 commit intoPointCloudLibrary:masterfrom
tabudz:CVE-2016-9840
Mar 3, 2025
Merged

Fix: Potential Vulnerability in Cloned zlib-Function#6245
mvieth merged 1 commit intoPointCloudLibrary:masterfrom
tabudz:CVE-2016-9840

Conversation

@tabudz
Copy link
Copy Markdown
Contributor

@tabudz tabudz commented Mar 2, 2025

Description
This PR fixes a security vulnerability in inflate_table() that was cloned from zlib but did not receive the security patch. The original issue was reported and fixed under madler/zlib@6a04314.
This PR applies the same patch to eliminate the vulnerability.

References
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
madler/zlib@6a04314

@tabudz
Remove offset pointer optimization in inftrees.c.
b5234de 
inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.
@mvieth mvieth added module: surface changelog: fix Meta-information for changelog generation labels Mar 3, 2025
mvieth
mvieth approved these changes Mar 3, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@mvieth mvieth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@mvieth mvieth merged commit 491a17c into PointCloudLibrary:master Mar 3, 2025
@tabudz
Copy link
Copy Markdown
Contributor Author

tabudz commented Apr 16, 2025

Hi @mvieth, thanks for merging my PR. Just want to let you know that I plan to report this as a CVE. Let me know if you have any concern!

@mvieth
Copy link
Copy Markdown
Member

mvieth commented Apr 16, 2025

Hi @mvieth, thanks for merging my PR. Just want to let you know that I plan to report this as a CVE. Let me know if you have any concern!

Thanks for the heads-up. Same suggestion as in #6246 (comment) :

If you report this, may I suggest to include my note from above? That is: since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. For reference:
https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70 and 502bd2b

This was referenced May 19, 2025
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
This was referenced Jun 2, 2025
Open
Open
Open
Open
Open
@mvieth mvieth changed the title Fix: Potential Vulnerability in Cloned Function Fix: Potential Vulnerability in Cloned zlib-Function Jul 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mvieth mvieth mvieth approved these changes

Assignees

No one assigned

Labels

changelog: fix Meta-information for changelog generation module: surface

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tabudz @mvieth