A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.
Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
CVSS
No CVSS.
References
Configurations
No configuration.
History
16 May 2025, 14:43
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 |
14 May 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-14 18:15
Updated : 2025-05-16 14:43
NVD link : CVE-2025-4638
Mitre link : CVE-2025-4638
CVE.ORG link : CVE-2025-4638
JSON object : View
Products Affected
No product.
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer