CVE-2020-28612

Name of the Vulnerable Software and Affected Versions CGAL versions prior to 5.1.1 CGAL libcgal version 5.1.1

Description The issue is related to the SNC io parser<EW>::read vertex() function in the Nef S2/SNC io parser.h component of the CGAL library, which is used for computational geometry algorithms. This function has a problem with reading beyond the valid boundaries of a data buffer. An attacker, acting remotely, can exploit this to access confidential data, compromise its integrity, and cause a denial of service by using a specially crafted file. The vulnerability can also lead to code execution due to an out-of-bounds read and type confusion when parsing a malformed file.

Recommendations For CGAL versions prior to 5.1.1, consider updating to a version that includes the fix for this issue. For CGAL libcgal version 5.1.1, as a temporary workaround, consider restricting the use of the SNC io parser<EW>::read vertex() function until a patch is available. Avoid using the vh->svertices begin() function in the affected Nef S2/SNC io parser.h component until the issue is resolved.