CVE-2020-28602

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger these vulnerabilities. An out-of-bounds read vulnerability exists in Nef 2/PM io parser.h PM io parser<PMDEC>::read vertex() Halfedge of[]. This vulnerability is related to unchecked array indexing, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file.

Recommendations For CGAL libcgal version 5.1.1, as a temporary workaround, consider disabling the PM io parser<PMDEC>::read vertex() function until a patch is available. Restrict access to the Nef 2/PM io parser.h module to minimize the risk of exploitation. Avoid using the Halfedge of[] variable in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.