CVE-2025-4638

Public on 2025-05-14
Modified on 2025-05-17
Description
A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.

Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.9
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 2 - Firefox Extra firefox Not Affected
HAQM Linux 2023 firefox Not Affected
HAQM Linux 2023 rsync Not Affected
HAQM Linux 2 - Core thunderbird Not Affected
HAQM Linux 1 zlib Not Affected
HAQM Linux 2 - Core zlib Not Affected
HAQM Linux 2023 zlib Not Affected

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L