PT-2021-7615 · Cgal+1
Published: 2021-01-12 · Updated: 2023-05-30
CVE-2020-28613
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CGAL versions prior to 5.1.1
CGAL-5.1.1
Description
The issue is related to unverified array indexing in the SNC_io_parser::read_vertex() function of the Nef_S2/SNC_io_parser.h component in the CGAL library. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted file. Additionally, there are multiple code execution vulnerabilities in the Nef polygon-parsing functionality that can be triggered by a maliciously crafted malformed file, leading to out-of-bounds read and type confusion, which could result in code execution.
Recommendations
For CGAL versions prior to 5.1.1, consider disabling the SNC_io_parser::read_vertex() function until a patch is available.
For CGAL-5.1.1, restrict access to the Nef_S2/SNC_io_parser.h component to minimize the risk of exploitation.
Avoid using the vh->svertices_last() variable in the affected API endpoint until the issue is resolved.
Exploit
Fix
Improper Validation of Array Index
Out of bounds Read
Related Identifiers
Affected Products
Astra Linux
Cgal