CVE-2020-28624

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description The issue exists in the Nef polygon-parsing functionality of CGAL libcgal. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code execution. An attacker can provide malicious input to trigger this issue. The vulnerability is related to the SNC io parser<EW>::read facet() function in Nef S2/SNC io parser.h, which can cause an out-of-bounds read.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the SNC io parser<EW>::read facet() function as a temporary workaround until a patch is available. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using malicious input to trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.