CVE-2025-4638 Overview
A critical vulnerability exists in the inftrees.c component of the zlib library bundled within the PointCloudLibrary (PCL). This memory corruption issue allows context-dependent attackers to cause undefined behavior by exploiting improper pointer arithmetic. The vulnerability stems from a memory bounds restriction failure (CWE-119) in the bundled zlib implementation.
Since version 1.14.0, PCL by default uses a system-installed zlib library, unless the user explicitly sets WITH_SYSTEM_ZLIB=FALSE. This means the vulnerability is only relevant if the PCL version is older than 1.14.0 or if the user specifically requests not to use the system zlib.
Critical Impact
Network-accessible vulnerability allowing attackers to trigger undefined behavior through improper pointer arithmetic, potentially leading to integrity and availability compromise in systems processing point cloud data.
Affected Products
- PointCloudLibrary (PCL) versions prior to 1.14.0
- PCL installations with WITH_SYSTEM_ZLIB=FALSE configuration
- Applications using PCL's bundled opennurbs zlib component
Discovery Timeline
- May 14, 2025 - CVE-2025-4638 published to NVD
- October 21, 2025 - Last updated in NVD database
Technical Details for CVE-2025-4638
Vulnerability Analysis
The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating a fundamental memory safety issue in the affected zlib component. The flaw exists in the inftrees.c file, which is part of the zlib decompression implementation bundled within PCL's opennurbs surface library.
The improper pointer arithmetic in the affected code can lead to undefined behavior when processing specially crafted input. This can result in memory corruption, potentially allowing attackers to compromise both data integrity and system availability. The network-accessible nature of this vulnerability increases its severity, as remote attackers could potentially trigger exploitation without requiring authentication or user interaction.
Root Cause
The root cause is the use of an outdated, vendored copy of zlib within PCL's opennurbs component. Rather than relying on system-provided zlib libraries that receive regular security updates, older PCL versions bundled their own zlib implementation. This bundled version contains improper pointer arithmetic operations in inftrees.c that fail to properly validate memory boundaries during decompression operations.
Attack Vector
The vulnerability is exploitable over the network without requiring authentication or user interaction. Attackers can craft malicious input data that, when processed by the vulnerable zlib decompression routines, triggers the improper pointer arithmetic. This could occur in scenarios where PCL processes untrusted point cloud data from network sources or files.
# Security patch in CMakeLists.txt - Prefer system zlib over opennurbs vendored copy
# Boost (required)
include("${PCL_SOURCE_DIR}/cmake/pcl_find_boost.cmake")
+# System zlib (for nurbs on surface)
+option(WITH_SYSTEM_ZLIB "Use system zlib" TRUE)
+if(WITH_SYSTEM_ZLIB)
+ find_package(ZLIB)
+ if(ZLIB_FOUND)
+ set(HAVE_ZLIB ON)
+ endif()
+endif()
+
### ---[ Create the config.h file
set(pcl_config_h_in "${CMAKE_CURRENT_SOURCE_DIR}/pcl_config.h.in")
set(pcl_config_h "${CMAKE_CURRENT_BINARY_DIR}/include/pcl/pcl_config.h")
Source: GitHub PCL Commit Update
Detection Methods for CVE-2025-4638
Indicators of Compromise
- Unexpected crashes or segmentation faults in applications using PCL for point cloud processing
- Anomalous memory access patterns or allocation failures during zlib decompression operations
- Application instability when processing point cloud data from untrusted sources
Detection Strategies
- Inventory all PCL installations and identify versions prior to 1.14.0
- Check build configurations for WITH_SYSTEM_ZLIB=FALSE settings that enable the vulnerable bundled zlib
- Monitor for abnormal process behavior or memory corruption indicators in PCL-dependent applications
- Use software composition analysis (SCA) tools to identify bundled vulnerable zlib components
Monitoring Recommendations
- Implement runtime memory protection mechanisms to detect and prevent exploitation attempts
- Monitor PCL-based applications for unexpected terminations or error conditions during data processing
- Enable crash reporting and analysis for applications processing external point cloud data
How to Mitigate CVE-2025-4638
Immediate Actions Required
- Upgrade PointCloudLibrary to version 1.14.0 or later where system zlib is used by default
- For existing installations, rebuild PCL with WITH_SYSTEM_ZLIB=TRUE to use system-provided zlib
- Ensure the system zlib library is current and patched against known vulnerabilities
- Review and restrict sources of point cloud data processed by vulnerable PCL installations
Patch Information
The vulnerability has been addressed in PointCloudLibrary through Pull Request #6245 and the corresponding commit 502bd2b. The fix introduces a new CMake option WITH_SYSTEM_ZLIB that defaults to TRUE, ensuring PCL uses the system-installed zlib library instead of the bundled opennurbs copy containing the vulnerable code.
Workarounds
- Rebuild PCL from source with WITH_SYSTEM_ZLIB=TRUE if upgrading to 1.14.0 is not immediately feasible
- Implement input validation and sanitization for point cloud data before processing with PCL
- Isolate PCL-based applications in sandboxed environments to limit potential impact of exploitation
# CMake configuration to use system zlib
cmake -DWITH_SYSTEM_ZLIB=TRUE ..
# Verify system zlib is being used after build
grep "HAVE_ZLIB" include/pcl/pcl_config.h
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
