| Name | CVE-2025-52937 |
| Description | Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE). |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| pcl (PTS) | bullseye | 1.11.1+dfsg-1 | fixed |
| bookworm | 1.13.0+dfsg-3 | fixed |
| forky, sid, trixie | 1.15.0+dfsg-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| pcl | source | (unstable) | (not affected) | | | |
Notes
- pcl <not-affected> (PCL in Debian uses the system copy of zlib)