PT-2021-7592 · Cgal+1

Lilith >_>

Published: 2021-01-12 · Updated: 2023-05-30

CVE-2020-28621

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CGAL libcgal version 5.1.1

Description

The issue is in the Nef polygon-parsing functionality and involves an out-of-bounds read and type confusion that can lead to code execution. It is triggered by a specially crafted malformed file. The affected code is the SNC_io_parser<EW>::read_edge() function in the Nef_S2/SNC_io_parser.h component of the CGAL library, specifically the eh->out_sedge() part. An attacker who supplies malicious input can trigger the vulnerability, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service.

Recommendations

For CGAL libcgal version 5.1.1, consider disabling the SNC_io_parser<EW>::read_edge() function until a patch is available. Restrict access to the Nef_S2/SNC_io_parser.h component to minimize the risk of exploitation. Avoid processing maliciously crafted files that could trigger the out-of-bounds read and type confusion vulnerabilities. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Validation of Array Index

Out-of-bounds Read

Related Identifiers

BDU:2023-00189
CVE-2020-28621
DLA-2649-1
DLA-3226-1

Affected Products

Astra Linux
Cgal