CVE-2025-4640 HIGH

CVE-2025-4640: Out-of-bounds Write in pcl

Vendor Pointcloudlibrary
Product pcl
Weakness CWE-787
Published May 14, 2025
Last update May 15, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L/U:Amber

What the vulnerability does

01Description

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Key dates

02Disclosure timeline

May 14, 2025 CVE published
May 15, 2025 Record updated