UBUNTU-CVE-2025-4638

Source
https://ubuntu.com/security/CVE-2025-4638
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-4638.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-4638
Related
Published
2025-05-14T18:15:00Z
Modified
2025-06-03T17:58:42Z
Summary
[none]
Details

A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. Since version 1.14.0, PCL uses the system zlib installation by default, unless the user sets WITH_SYSTEM_ZLIB=FALSE. This potential vulnerability is therefore only relevant if the PCL version is older than 1.14.0 or the user explicitly requests not to use the system zlib.

References

Affected packages

Ubuntu:Pro:16.04:LTS / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.7.2-14ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.7.2-10build1
1.7.2-13
1.7.2-14build1
1.7.2-14build1.1
1.7.2-14ubuntu0.1
1.7.2-14ubuntu0.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.8.1+dfsg1-2ubuntu2.18.04.1+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.8.1+dfsg1-2ubuntu1
1.8.1+dfsg1-2ubuntu2
1.8.1+dfsg1-2ubuntu2.18.04.1
1.8.1+dfsg1-2ubuntu2.18.04.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.10.0+dfsg-5ubuntu1+esm2?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.9.1+dfsg1-10ubuntu2
1.9.1+dfsg1-10ubuntu3
1.10.0+dfsg-4ubuntu2
1.10.0+dfsg-5ubuntu1
1.10.0+dfsg-5ubuntu1+esm1
1.10.0+dfsg-5ubuntu1+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.12.1+dfsg-3build1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.11.1+dfsg-1build1
1.12.0+dfsg-5build1
1.12.0+dfsg-6
1.12.1+dfsg-3
1.12.1+dfsg-3build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.14.0+dfsg-3ubuntu0.2?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.14.0+dfsg-1
1.14.0+dfsg-2
1.14.0+dfsg-2build1
1.14.0+dfsg-3
1.14.0+dfsg-3ubuntu0.1
1.14.0+dfsg-3ubuntu0.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.14.0+dfsg-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.13.0+dfsg-3
1.13.0+dfsg-3build1
1.13.0+dfsg-4
1.13.0+dfsg-4build2
1.13.0+dfsg-4build3
1.14.0+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / pcl

Package

Name
pcl
Purl
pkg:deb/ubuntu/pcl@1.14.0+dfsg-5ubuntu1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.14.0+dfsg-3
1.14.0+dfsg-4ubuntu1
1.14.0+dfsg-5
1.14.0+dfsg-5ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}