CVE-2020-35632

Name of the Vulnerable Software and Affected Versions CGAL versions prior to 5.1.1

Description The issue is related to unverified array indexing in the SNC io parser::read sface() function of the CGAL library, specifically in the Nef S2/SNC io parser.h component. This can be exploited by a remote attacker using a specially crafted file, potentially leading to unauthorized access to confidential data, data integrity breaches, and denial of service. The vulnerability can also lead to out-of-bounds read and type confusion, resulting in code execution. An attacker can trigger this issue by providing malicious input.

Recommendations For CGAL versions prior to 5.1.1, consider disabling the SNC io parser::read sface() function until a patch is available to prevent exploitation. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using the boundary entry objects and Edge of variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.