CVE-2020-28601
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.
Affected (5)
Products: Cgal: Computational Geometry Algorithms Library · Fedoraproject: Fedora · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.1.1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 33 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 10.0 |
Related CWEs
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-129
Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
References (12)
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Mailing ListThird Party Advisory
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Source: talos-cna@cisco.com
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Timeline
No history available yet.