CVE-2024-23951

Name of the Vulnerable Software and Affected Versions libigl version 2.5.0

Description The issue arises from multiple improper array index validation vulnerabilities in the readMSH functionality. A specially crafted .msh file can lead to an out-of-bounds write. This can be triggered by an attacker providing a malicious file. The vulnerability concerns the igl::MshLoader::parse element field function when handling an ascii.msh file.

Recommendations For libigl version 2.5.0, consider disabling the igl::MshLoader::parse element field function when handling ascii.msh files until a patch is available. Restrict access to the readMSH functionality to minimize the risk of exploitation. Avoid using the readMSH functionality with untrusted .msh files until the issue is resolved.