CVE-2020-35634

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description A code execution vulnerability exists in the Nef polygon-parsing functionality. An out-of-bounds read vulnerability is present in the SNC io parser<EW>::read sface() function, which can lead to type confusion and potentially allow code execution. This can be triggered by a specially crafted malformed file, allowing an attacker to provide malicious input and exploit the vulnerability. The issue is related to a buffer data boundary read vulnerability, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a distorted file.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the SNC io parser<EW>::read sface() function until a patch is available to prevent exploitation. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using malformed files that could trigger the out-of-bounds read vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.