CVE-2020-28601
CVE-2020-28601
In short
A flaw in CGAL's polygon-parsing tool allows attackers to read memory outside safe boundaries by providing specially crafted input, potentially crashing the application or exposing sensitive data.
Technical detail
An out-of-bounds read vulnerability in Nef_2/PM_io_parser.h's read_vertex() function allows unauthenticated attackers to supply malicious polygon data, triggering memory access beyond allocated buffer bounds. The attack requires no special privileges and results in information disclosure or denial of service.
Summary generated and translated by AI from the official description.
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · CGALWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.debian.org/debian-lts-announce/2021/05/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2022/12/msg00011.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/https://security.gentoo.org/glsa/202305-34https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225