MGASA-2025-0162 Updated zsync packages fix security vulnerabilities

Improper Pointer Arithmetic in pcl. CVE-2025-4638...

CVE-2025-37976

CVE-2025-37976 is rejected by its CVE Numbering Authority.

CVE-2025-4638

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary PCL. This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib...

CVE-2025-4638

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary PCL. This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib...

UBUNTU-CVE-2025-4638

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary PCL. This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib...

CVE-2025-4638 Improper Pointer Arithmetic in pcl

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary PCL. This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib...

CVE-2025-4638 Improper Pointer Arithmetic in pcl

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary PCL. This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib...

CVE-2025-4638

CVE-2025-4638 affects the inftrees.c component of the zlib library bundled with PointCloudLibrary (PCL). The issue can trigger undefined behavior via improper pointer arithmetic and is relevant when PCL is built with an older zlib (older than 1.14.0) or when the user disables the system zlib, cau...

Point Cloud Library 缓冲区错误漏洞

Point Cloud Library PCL is a library in the Point Cloud Library open source. A security vulnerability exists in Point Cloud Library version 1.14.0 and earlier, which stems from improper pointer arithmetic in the zlib library that could lead to undefined behavior...

`VMABuffer::set_data` may allow out-of-bounds writes from safe code

VMABuffer::setdata was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation. Affected versions did not check that the requested write range fit within the allocati...

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic

...

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic

...

Linux Distros Unpatched Vulnerability : CVE-2021-29155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading ...

F5 Networks BIG-IP : zlib vulnerability (K000149915)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000149915 advisory. inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...

F5 Networks BIG-IP : zlib vulnerability (K000149905)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1. It is, therefore, affected by a vulnerability as referenced in the K000149905 advisory. inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...

CVE-2022-25658

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2024-56702

In the Linux kernel, the following vulnerability has been resolved: bpf: Mark rawtp arguments with PTRMAYBENULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being...

kernel: local privileges escalation in kernel/bpf/verifier.c

A flaw was found in the Linux kernel's adjustptrminmaxvals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for ORNULL pointer types that perform pointer arithmetic may cause a kernel information leak issue...

kernel: crypto: bcm - Fix pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2dumpomd value of ptr is increased by ciphkeylen instead of hashivlen which could lead to going beyond the buffer boundaries. Fix this bug by changing ciphkeylen to hashivlen. Found by...

s390/bpf: Fix bpf_plt pointer arithmetic

...