CVE-2020-28617

Name of the Vulnerable Software and Affected Versions CGAL versions prior to 5.1.1 CGAL libcgal version CGAL-5.1.1

Description The issue is related to the Nef polygon-parsing functionality in the CGAL library, specifically in the SNC io parser component. It involves unverified array indexing in the read vertex() function, which can be exploited by a remote attacker using a specially crafted malformed file. This exploitation can lead to unauthorized access to confidential data, disruption of data integrity, and denial of service. The vulnerability also involves out-of-bounds read and type confusion, potentially leading to code execution.

Recommendations For CGAL versions prior to 5.1.1, consider updating to a version that includes the fix for this issue. For CGAL libcgal version CGAL-5.1.1, as a temporary workaround, consider restricting access to the SNC io parser component until a patch is available. Avoid using the read vertex() function in the affected SNC io parser component until the issue is resolved.