ByteOS Network

NVD Vulnerability Details :

CVE-2025-4640

Received

Source-cve_disclosure@tech.gov.sg

Published At-14 May, 2025 | 19:15

Updated At-14 May, 2025 | 19:15

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.3	HIGH	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber

Type: Secondary

Version: 4.0

Base score: 8.3

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:L/U:Amber

Weaknesses

CWE ID	Type	Source
CWE-787	Secondary	cve_disclosure@tech.gov.sg

CWE ID: CWE-787

Type: Secondary

Source: cve_disclosure@tech.gov.sg

References

Hyperlink	Source	Resource
https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70	cve_disclosure@tech.gov.sg	N/A
https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac	cve_disclosure@tech.gov.sg	N/A
https://github.com/PointCloudLibrary/pcl/pull/6246	cve_disclosure@tech.gov.sg	N/A