PT-2021-4537 · Cgal+1

Lilith >_> · Published 2021-03-04 · Updated 2023-05-30 · CVE-2020-35636

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

CGAL version 5.1.1

Description

The issue is a code execution vulnerability in the Nef polygon-parsing functionality. It is caused by an out-of-bounds read and type confusion when parsing a specially crafted malformed file. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability can be triggered by providing malicious input.

Recommendations

For CGAL version 5.1.1, consider disabling the read_sface() function in SNC_io_parser.h until a patch is available to prevent exploitation. Restrict access to the Nef_S2/SNC_io_parser.h module to minimize the risk of exploitation. Avoid using the sfh->volume() function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Validation of Array Index

Out of bounds Read

Type Confusion

Weakness Enumeration

Related Identifiers

BDU:2021-05197
CVE-2020-35636
DLA-2649-1
DLA-3226-1
MGASA-2021-0238
MGASA-2021-0239
OPENSUSE-SU-2024:10678-1

Affected Products

Astra Linux
Cgal