Skip to main content

Go to Calendar     Go to Press Room     Go to Newsletters subscription

  • INCIBE
    • Your Help in Cybersecurity
      • FAQ
    • Training
    • Cibercooperantes Program
    • Press Room
    • Corporate information
      • What is INCIBE
          1. Organisation chart
          2. Internal regulations
      • What we do
      • How do we operate
      • Who we work with
          1. European projects participation
          2. Memberships
          3. Network of excellence on cybersecurity R&D&i
          4. Companies
      • Contracting Organisation Profile
      • Calendar
  • INCIBE-CERT
    • Early Warning
      • Security Advisories
      • ICS Advisories
      • Vulnerabilities
          1. CNA
          2. CVE assignment and publication
          3. Coordinated CVEs
          4. Participating CNAs
    • Blog
    • Publications
      • Cybersecurity Highlights
      • Guides
      • Webinars
      • Segmented
    • Incidents
      • Incident responses
    • Services
    • About us
      • What is INCIBE-CERT
      • PGP Public keys
      • TLP
      • Vulnerability disclosure policy
      • RFC 2350
  • CITIZENS
    • Seniors
    • We help you
      • Tu Ayuda en Ciberseguridad
      • Reporte de fraude
    • Security tools
    • Temáticas
  • MINORS
    • Educators
    • Families
      • Parental Mediation
      • Cybersecurity
    • Youth
    • Hotline
  • Companies
    • We help you
      • Tu Ayuda en Ciberseguridad
    • TemáTICas
  • EVENTS
    • SID
    • Cybersecurity Summer BootCamp
    • ENISE
    • CyberCamp
  • DIGITAL SPAIN 2026
    • Cybersecurity Entrepreneurship
    • NCC-ES INCIBE
    • Internationalization
      • New Markets
      • Exterior Visibility
      • Foreign Investment
 
Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT
  • INCIBE
    •  
    • Your Help in Cybersecurity
      •  
      • FAQ
    • Training
    • Cibercooperantes Program
    • Press Room
    • Corporate information
      •  
      • What is INCIBE
        •  
          1. Organisation chart
          2. Internal regulations
      • What we do
      • How do we operate
      • Who we work with
        •  
          1. European projects participation
          2. Memberships
          3. Network of excellence on cybersecurity R&D&i
          4. Companies
      • Contracting Organisation Profile
      • Calendar
  • INCIBE-CERT
    •  
    • Early Warning
      •  
      • Security Advisories
      • ICS Advisories
      • Vulnerabilities
        •  
          1. CNA
          2. CVE assignment and publication
          3. Coordinated CVEs
          4. Participating CNAs
    • Blog
    • Publications
      •  
      • Cybersecurity Highlights
      • Guides
      • Webinars
      • Segmented
    • Incidents
      •  
      • Incident responses
    • Services
    • About us
      •  
      • What is INCIBE-CERT
      • PGP Public keys
      • TLP
      • Vulnerability disclosure policy
      • RFC 2350
  • CITIZENS
    •  
    • Seniors
    • We help you
      •  
      • Tu Ayuda en Ciberseguridad
      • Reporte de fraude
    • Security tools
    • Temáticas
  • MINORS
    •  
    • Educators
    • Families
      •  
      • Parental Mediation
      • Cybersecurity
    • Youth
    • Hotline
  • Companies
    •  
    • We help you
      •  
      • Tu Ayuda en Ciberseguridad
    • TemáTICas
  • EVENTS
    •  
    • SID
    • Cybersecurity Summer BootCamp
    • ENISE
    • CyberCamp
  • DIGITAL SPAIN 2026
    •  
    • Cybersecurity Entrepreneurship
    • NCC-ES INCIBE
    • Internationalization
      •  
      • New Markets
      • Exterior Visibility
      • Foreign Investment

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

  1. Home
  2. INCIBE-CERT
  3. Early warning
  4. Vulnerabilities
  5. CVE-2025-4640

CVE-2025-4640

Severity CVSS v4.0:
HIGH
Type:
CWE-787 Out-of-bounds Write
Publication date:
14/05/2025
Last modified:
16/05/2025

Description

Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.

Impact

Vector 4.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L/U:Amber CVSS v4.0 Severity and Metrics:

Base Score: 8.30 HIGH
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:C/RE:L/U:Amber

Attack Vector (AV): Network
Attack Complexity (AC): High
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): None
Confidentiality (VC): Low
Integrity (VI): Low
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None
Automatable (AU): Yes
Recovery (R): User
Value Density (V): Concentrated
Vulnerability Response Effort (RE): Low
Provider Urgency (U): Amber

Base Score 4.0
8.30
Severity 4.0
HIGH

References to Advisories, Solutions, and Tools

  • https://github.com/PointCloudLibrary/pcl/blob/master/surface/CMakeLists.txt#L70
  • https://github.com/PointCloudLibrary/pcl/commit/502bd2b013ce635f21632d523aa8cf2e04f7b7ac
  • https://github.com/PointCloudLibrary/pcl/pull/6246
INCIBE-CERT

Newsletter subscription

Nipo: 094-20-022-9

Follow us:  Link to INCIBE-CERT's Twitter Link to INCIBE-CERT's Linkedin Link to INCIBE-CERT's YouTube account

  • Contact
  • Personal Data Protection Policy
  • Legal notice
  • Configure cookies
  • Cookies policy
  • Site Map
  • Contracting Organisation Profile

Funded by the European Union - Next Generation EU

 

Government of Spain. Ministry for digital transformation and public service. Secretary of state for for Telecommunications and Digital Infrastructures

Recovery, Transformation and Resilience Plan

 

Conformity Certification
Aenor Security Information
Aenor Registered Company

Nipo: 094-20-027-6

INCIBE on Twitter INCIBE on Instagram INCIBE on Linkedin INCIBE on Facebook INCIBE on YouTube

×

imagen ampliada

Go top