← back
CVE-2020-35628

CVE-2020-35628

CVSS 10 CRITICALEPSS 2.9%CWE-129
In short

A vulnerability in CGAL's polygon-parsing tool allows attackers to crash the program or potentially run malicious code by providing specially crafted input files that cause the software to read memory outside safe boundaries.

Technical detail

An out-of-bounds read vulnerability exists in the Nef polygon parser (SNC_io_parser::read_sloop function) when processing malformed input, allowing an attacker to access invalid memory regions and potentially achieve code execution through crafted polygon data.

Summary generated and translated by AI from the official description.
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
n/a · CGAL

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.debian.org/debian-lts-announce/2021/05/msg00002.htmlhttps://lists.debian.org/debian-lts-announce/2022/12/msg00011.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/https://security.gentoo.org/glsa/202305-34https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225