CVE-2020-28629

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description The issue is related to the Nef polygon-parsing functionality and is caused by an out-of-bounds read and type confusion in the SNC io parser<EW>::read sedge() function. This can be exploited by an attacker using a specially crafted malformed file, potentially leading to code execution and allowing the attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the SNC io parser<EW>::read sedge() function until a patch is available to prevent exploitation. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using malicious input to trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.