CVE-2025-4638

Published: May 14, 2025

Modified: May 15, 2025

PUBLISHED

Description

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Vendor	Product	Versions
PointCloudLibrary	pcl	affected `0 - < <1.15.0`

References

https://github.com/PointCloudLibrary/pcl/pull/6245

patch

https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70

https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-4638

Description

Affected Products

References