CVE-2024-24686

Name of the Vulnerable Software and Affected Versions libigl version 2.5.0

Description The issue is related to the readOFF function in the libigl library, which is used for working with geometric objects in C++. It concerns a stack-based buffer overflow vulnerability that can be triggered by a specially crafted .off file. This vulnerability is related to the parsing of comments within the faces section of an .off file processed via the readOFF function. An attacker can provide a malicious file to trigger this vulnerability, potentially allowing them to execute arbitrary code.

Recommendations For libigl version 2.5.0, consider disabling the readOFF function until a patch is available to prevent potential exploitation. Restrict access to files that could be used to trigger this vulnerability, especially .off files from untrusted sources. Avoid using the readOFF function to parse comments within the faces section of .off files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.