CVE-2020-35635

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description A code execution issue exists in the Nef polygon-parsing functionality due to an out-of-bounds read in the store sm boundary item() function of Nef S2/SNC io parser.h. This can be triggered by a specially crafted malformed file, leading to type confusion and potentially code execution. An attacker can exploit this by providing malicious input. The issue allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a corrupted file.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the read sface() function in SNC io parser as a temporary workaround until a patch is available. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using the store sm boundary item() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.