CVE-2020-35633

Published: Aug 30, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

Affected (2)

Products: Cgal: Computational Geometry Algorithms Library · Debian: Debian Linux

1 product

Computational Geometry Algorithms Library

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cgal Computational Geometry Algorithms Library	Version 5.1.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (6)

https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html

Source: talos-cna@cisco.com

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202305-34

Source: talos-cna@cisco.com

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202305-34

Source: af854a3a-2127-422b-91ae-364da2661108

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.