CVE-2020-28605

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description The issue is related to the Nef polygon-parsing functionality in CGAL libcgal. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code execution. The vulnerability is also associated with unchecked array indexing in the PM io parser<PMDEC>::read hedge() function, specifically in the e->set vertex() call. This could allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service using a specially crafted file. The PM io parser<PMDEC>::read hedge() function in the Nef 2/PM io parser.h component of the CGAL library is affected.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the PM io parser<PMDEC>::read hedge() function until a patch is available to prevent potential code execution and data integrity issues. Restrict access to the Nef 2/PM io parser.h component to minimize the risk of exploitation. Avoid using the e->set vertex() call in the affected PM io parser<PMDEC>::read hedge() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.