CVE-2020-28601

Name of the Vulnerable Software and Affected Versions CGAL libcgal version CGAL-5.1.1

Description The issue is related to an error in parsing Nef polygons in the PM io parser::read vertex() function of the CGAL library. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability exists in the Nef polygon-parsing functionality and is triggered by an out-of-bounds read in the PM io parser::read vertex() function. An attacker can exploit this by providing malicious input.

Recommendations For CGAL libcgal version CGAL-5.1.1, consider disabling the PM io parser::read vertex() function until a patch is available to prevent exploitation. Restrict access to the Nef 2/PM io parser.h module to minimize the risk of exploitation. Avoid using the Face of[] array in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.