CVE-2020-35633

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description A code execution vulnerability exists in the Nef polygon-parsing functionality. An out-of-bounds read vulnerability is present in the SNC io parser<EW>::read sface() function, specifically in the store sm boundary item() and Edge of components. This can be triggered by a specially crafted malformed file, leading to an out-of-bounds read and type confusion, which could result in code execution. An attacker can exploit this by providing malicious input. The vulnerability allows a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a corrupted file.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the store sm boundary item() function or restricting access to the SNC io parser.h module until a patch is available. Avoid using the Edge of component in the SNC io parser<EW>::read sface() function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.