CVE-2026-4738
Published: March 24th, 2026
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C.
This issue affects gdal: before 3.11.0.
Unknown
CVSS v2:
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 26.2 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 26.1 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 25.4 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 25.3 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 25.2 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 25.1 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 24.4 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 24.4.0 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 24.3 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 24.2 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 24.1 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 23.3 | zlib (1.3) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 23.2 | zlib (1.2.12) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 23.1 | zlib (1.2.12) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 22.4 | zlib (1.2.12) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 22.3 | zlib (1.2.12) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 22.2 | zlib (1.2.12) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 22.1 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 21.11 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 21.8 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 21.5.0 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 21.2.0 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.19.3667 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.18.3599 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.16.3445 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.15.3368 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.14.3263 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.13.3179 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.12.3054 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.11.3040 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.11.2990 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.10.2934 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.9.2878 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |
| 11.4.8.2822 | zlib (1.2.11) | Not Affected | Code Not Reachable | CVE-2026-4738 targets unsafe pointer arithmetic (base -= 257; extra -= 257) in inflate_table9() in contrib/infback9/inftree9.c. This is the same vulnerability already fixed in Document Filters via commit 9d560cb1803c4d8e6525a36c994c7af8b4580cff (CVE-2026-24812 fix), which backported upstream zlib commit 6a043145ca6e9c55184013841a67b2fef87e44c0. Our inftree9.c uses the safe ‘match’ variable pattern and does not contain the vulnerable pointer arithmetic. |