CVE-2020-28627

CVSS 10 CRITICAL · EPSS 2.2% · CWE-129
In short

The CGAL library has a critical vulnerability in its Nef polygon-parsing code that allows attackers to execute arbitrary code by supplying a specially crafted malformed file, which triggers an out-of-bounds read and type confusion.

Technical detail

Out-of-bounds read vulnerability in Nef_S2/SNC_io_parser.h's read_volume() function allows type confusion when processing malformed polygon input files, enabling arbitrary code execution with no authentication required. The vulnerability affects CGAL versions up to 5.1.1 and requires only a malicious input file to trigger.

Summary generated and translated by AI from the official description.
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
CGAL Project · libcgal
