← back
CVE-2020-28616

CVE-2020-28616

CVSS 10 CRITICALEPSS 2.2%CWE-129
In short

A flaw in CGAL's polygon-parsing code allows an attacker to crash the program or execute malicious code by sending a specially crafted malformed file. The vulnerability occurs when the program tries to read beyond allocated memory.

Technical detail

Out-of-bounds read vulnerability in CGAL libcgal 5.1.1's Nef_S2/SNC_io_parser.h during polygon file parsing; exploitable via malformed input files without special privileges, leading to memory disclosure and potential code execution through type confusion.

Summary generated and translated by AI from the official description.
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
CGAL Project · libcgal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2022/12/msg00011.htmlhttps://security.gentoo.org/glsa/202305-34https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225