VDB
CISA-2025-4638
CISA-2025-4638
PUBLISHED
CVSS 9.2 CRITICAL
Reported by GovTech CSG · Published May 14, 2025
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Risk Scores
CVSS 4.0
9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H/AU:Y/R:U/V:D/RE:M/U:Amber
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PointCloudLibrary | pcl | 0 |
| PointCloudLibrary | pcl | 0, 0 |
Timeline
- May 14, 2025 CVE Published
- May 15, 2025 CVE Updated