CVE-2023-35949

Name of the Vulnerable Software and Affected Versions libigl version 2.4.0

Description The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerabilities exist within the code responsible for parsing geometric faces of an OFF file.

Recommendations For libigl version 2.4.0, consider disabling the readOFF.cpp functionality until a patch is available to prevent potential exploitation. Restrict access to .off files to minimize the risk of triggering the buffer overflow vulnerabilities. Avoid using the readOFF.cpp functionality to parse geometric faces of an OFF file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.