Description

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

INFO

Published Date :

2025-05-14T17:59:58.180Z

Last Modified :

2025-05-15T13:49:10.296Z

Source :

GovTech CSG
AFFECTED PRODUCTS

The following products are affected by CVE-2025-4638 vulnerability.

Vendors Products
Pointclouds
  • Point Cloud Library
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4638.

URL Resource
https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70 cve-icon cve-icon
https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac cve-icon cve-icon
https://github.com/PointCloudLibrary/pcl/pull/6245 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-4638 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact