CVE-2020-35628

Name of the Vulnerable Software and Affected Versions CGAL libcgal version CGAL-5.1.1

Description A code execution vulnerability exists in the Nef polygon-parsing functionality. An out-of-bounds read vulnerability exists in the SNC io parser::read sloop() function in the Nef S2/SNC io parser.h file, specifically in slh->incident sface. This can be triggered by an attacker providing malicious input. The vulnerability may allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For CGAL libcgal version CGAL-5.1.1, consider disabling the SNC io parser::read sloop() function or restricting access to the Nef S2/SNC io parser.h file until a patch is available. Avoid using the slh->incident sface variable in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.