VDB

CISA-2025-4638

CISA-2025-4638 PUBLISHED CVSS 9.2 CRITICAL

Reported by GovTech CSG · Published May 14, 2025

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Risk Scores

CVSS 4.0
9.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:L/SA:H/AU:Y/R:U/V:D/RE:M/U:Amber

Affected Products

VendorProductVersions
PointCloudLibrarypcl0
PointCloudLibrarypcl0, 0

Timeline

  • May 14, 2025 CVE Published
  • May 15, 2025 CVE Updated

References

  • patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›