CVE-2024-53432

While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Debian logo
Debian Releases
Debian Product
Codename
pcl
bullseye
postponed
bookworm
no-dsa
trixie
1.15.0+dfsg-2
fixed
sid
1.15.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pcl
plucky
needs-triage
oracular
Fixed 1.14.0+dfsg-3ubuntu0.2
released
noble
Fixed 1.14.0+dfsg-1ubuntu0.1~esm1
released
jammy
Fixed 1.12.1+dfsg-3ubuntu0.1~esm2
released
focal
Fixed 1.10.0+dfsg-5ubuntu1+esm2
released
bionic
Fixed 1.8.1+dfsg1-2ubuntu2.18.04.1+esm1
released
xenial
Fixed 1.7.2-14ubuntu0.1+esm1
released
Common Weakness Enumeration
References
https://github.com/PointCloudLibrary/pcl/issues/6162