CVE-2024-24684

Name of the Vulnerable Software and Affected Versions libigl version 2.5.0

Description The issue concerns the header parsing that occurs while processing an .off file via the readOFF function. A specially crafted .off file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. The readOFF function defines a stack-based buffer called comment with an hardcoded size of 1000 bytes. The call to fscanf is unsafe and if the first line of the header of the .off files is longer than 1000 bytes, it will overflow the header buffer.

Recommendations To resolve the issue, update libigl to a version that fixes the vulnerability in the readOFF function. As a temporary workaround, consider restricting the use of the readOFF function until a patch is available. Avoid using the fscanf function with untrusted input in the readOFF function until the issue is resolved. Restrict access to the comment buffer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.