CVE-2025-4640

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

CVSS

No CVSS.

References

Link	Resource
https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70
https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac
https://github.com/PointCloudLibrary/pcl/pull/6246

Configurations

No configuration.

History

16 May 2025, 14:43

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de escritura fuera de los límites en PointCloudLibrary pcl permite búferes de desbordamiento. Desde la versión 1.14.0, PCL utiliza de forma predeterminada una instalación zlib del sistema, a menos que el usuario configure WITH_SYSTEM_ZLIB=FALSE. Por lo tanto, esta posible vulnerabilidad solo es relevante si la versión de PCL es anterior a la 1.14.0 o si el usuario solicita específicamente no usar la zlib del sistema.

14 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-14 19:15

Updated : 2025-05-16 14:43

NVD link : CVE-2025-4640

Mitre link : CVE-2025-4640

CVE.ORG link : CVE-2025-4640

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-4640", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 8.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-14T19:15:53.557", "references": [{"url": "https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70", "source": "cve_disclosure@tech.gov.sg"}, {"url": "https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac", "source": "cve_disclosure@tech.gov.sg"}, {"url": "https://github.com/PointCloudLibrary/pcl/pull/6246", "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib."}, {"lang": "es", "value": "La vulnerabilidad de escritura fuera de los l\u00edmites en PointCloudLibrary pcl permite b\u00faferes de desbordamiento. Desde la versi\u00f3n 1.14.0, PCL utiliza de forma predeterminada una instalaci\u00f3n zlib del sistema, a menos que el usuario configure WITH_SYSTEM_ZLIB=FALSE. Por lo tanto, esta posible vulnerabilidad solo es relevante si la versi\u00f3n de PCL es anterior a la 1.14.0 o si el usuario solicita espec\u00edficamente no usar la zlib del sistema."}], "lastModified": "2025-05-16T14:43:26.160", "sourceIdentifier": "cve_disclosure@tech.gov.sg"}