CVE-2024-53432 — Vulnetix

CVE-2024-53432 PUBLISHED CVSS 7.5 HIGH

While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files.

EPSS 0.25% · 48.2th percentile

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.25%

48.2th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
point_cloud_library	pcl	1.14.1

Exploit Intelligence

https://github.com/PointCloudLibrary/pcl/issues/6162 (circl)

Timeline

Nov 21, 2024 CVE Published
Nov 22, 2024 EPSS Score
Dec 4, 2024 CVE Updated
Dec 10, 2024 EPSS Score
Dec 28, 2024 EPSS Score
Jan 14, 2025 EPSS Score
Jan 31, 2025 EPSS Score
Feb 6, 2025 Coalition ESS Score
Feb 18, 2025 EPSS Score
Mar 7, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Apr 11, 2025 EPSS Score

References

https://github.com/PointCloudLibrary/pcl/issues/6162 url
https://nvd.nist.gov/vuln/detail/CVE-2024-53432 advisory

Open in Interactive Console →