CVE-2025-4638

14.05.2025, 18:15

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.

Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
GovTech CSG	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (zlib): Schwachstelle ermöglicht nicht spezifizierten Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Published: 2025-05-29T22:00:00+00:00

References

https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70

https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac

https://github.com/PointCloudLibrary/pcl/pull/6245