PT-2024-20470 · Libigl · Libigl

Philippe Laulheret

Published

2024-05-28

Updated

2024-06-10

CVE-2024-24584

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libigl version 2.5.0

Description Multiple out-of-bounds read issues exist in the readMSH functionality. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this issue, which concerns the readMSH function while processing MshLoader::ELEMENT TET elements.

Recommendations For libigl version 2.5.0, consider disabling the readMSH function until a patch is available to prevent exploitation. Restrict access to processing MshLoader::ELEMENT TET elements to minimize the risk of out-of-bounds read issues. Avoid using the readMSH function with untrusted .msh files until the issue is resolved.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2024-24584

Affected Products

Libigl

PT-2024-20470 · Libigl · Libigl

CVE-2024-24584

Weakness Enumeration

Related Identifiers

Affected Products

References · 8