CVE-2020-28620

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description The issue exists in the Nef polygon-parsing functionality of CGAL libcgal, where a specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code execution. An attacker can provide malicious input to trigger this issue. Specifically, an oob read vulnerability exists in the SNC io parser<EW>::read edge() function, particularly in eh->center vertex(). This vulnerability is related to unchecked array indexing in the Nef S2/SNC io parser.h component of the CGAL library, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file.

Recommendations For CGAL libcgal version 5.1.1, as a temporary workaround, consider disabling the SNC io parser<EW>::read edge() function until a patch is available. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using the eh->center vertex() function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.