CVE-2020-28607

Name of the Vulnerable Software and Affected Versions CGAL libcgal version CGAL-5.1.1

Description The issue is related to the Nef polygon-parsing functionality, where a specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code execution. An attacker can provide malicious input to trigger this issue. The PM io parser<PMDEC>::read face() function, specifically the set halfedge() component in Nef 2/PM io parser.h, is associated with unchecked array indexing. Exploitation of this issue allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For CGAL libcgal version CGAL-5.1.1, consider disabling the PM io parser<PMDEC>::read face() function or restricting access to the Nef 2/PM io parser.h component until a patch is available. Avoid using malicious input to trigger the out-of-bounds read vulnerability in the set halfedge() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.