CVE-2020-28618

Name of the Vulnerable Software and Affected Versions CGAL versions prior to 5.1.1

Description The issue is related to unverified array indexing in the SNC io parser<EW>::read vertex() function of the Nef S2/SNC io parser.h component in the CGAL library. This can be exploited by a remote attacker using a specially crafted file, potentially leading to unauthorized access to confidential data, data integrity breaches, and denial of service. The vulnerability also involves out-of-bounds read and type confusion, which could result in code execution.

Recommendations For CGAL versions prior to 5.1.1, consider updating to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the SNC io parser<EW>::read vertex() function and the vh->shalfloop() method to minimize the risk of exploitation. Avoid using malicious input to trigger the vulnerability in the affected API endpoint until the issue is resolved.