CVE-2020-28635

Name of the Vulnerable Software and Affected Versions CGAL libcgal version 5.1.1

Description The issue is related to the Nef polygon-parsing functionality, where a specially crafted malformed file can lead to an out-of-bounds read and type confusion, potentially resulting in code execution. An attacker can provide malicious input to trigger this issue. The vulnerability is associated with the SNC io parser<EW>::read sedge() function in the Nef S2/SNC io parser.h component of the CGAL library, which is linked to unchecked array indexing. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For CGAL libcgal version 5.1.1, consider disabling the SNC io parser<EW>::read sedge() function as a temporary workaround until a patch is available. Restrict access to the Nef S2/SNC io parser.h module to minimize the risk of exploitation. Avoid using malicious input to trigger the vulnerability until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.