CVE-2023-35953

Name of the Vulnerable Software and Affected Versions libigl version 2.4.0

Description The issue is related to multiple stack-based buffer overflow vulnerabilities in the readOFF.cpp functionality. These vulnerabilities can be triggered by a specially-crafted .off file, leading to a buffer overflow and allowing an attacker to execute arbitrary code. The vulnerability exists within the code responsible for parsing comments within the geometric vertices section of an OFF file.

Recommendations For libigl version 2.4.0, consider avoiding the use of the readOFF.cpp functionality until a patch is available. As a temporary workaround, restrict the parsing of comments within the geometric vertices section of OFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.