PT-2025-21223 · Unknown+1 · Pointcloudlibrary+1

Titan Team · Published 2025-05-14 · Updated 2025-12-28 · CVE-2025-4638

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PointCloudLibrary (PCL) versions prior to 1.14.0
Description: A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic.
Recommendations: For PCL versions prior to 1.14.0, update to version 1.14.0 or later to use the system's zlib installation by default, which mitigates this issue. Alternatively, ensure that the system's zlib library is up to date. As a temporary workaround, consider restricting the use of the inftrees.c component until a patch is available.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-4638
MGASA-2025-0162
ROSA-SA-2025-2896

Affected Products

Pointcloudlibrary
Zlib