CVE-2020-28616

Name of the Vulnerable Software and Affected Versions CGAL versions prior to 5.1.1 CGAL libcgal version 5.1.1

Description The issue is related to unverified array indexing in the SNC io parser<EW>::read vertex() function of the Nef S2/SNC io parser.h component in the CGAL library. This can be exploited by a remote attacker using a specially crafted file, potentially leading to unauthorized access to confidential data, data integrity violations, and denial of service. The vulnerability also involves out-of-bounds read and type confusion, which could result in code execution.

Recommendations For CGAL versions prior to 5.1.1, consider updating to a version that includes the fix for this issue. For CGAL libcgal version 5.1.1, as a temporary workaround, consider restricting the use of the SNC io parser<EW>::read vertex() function until a patch is available. Avoid using the vh->sfaces begin() function in the affected SNC io parser<EW>::read vertex() function until the issue is resolved.