Candidate: CVE-2020-28610
PublicDate: 2022-04-18 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28610
 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Description:
 Multiple code execution vulnerabilities exist in the Nef polygon-parsing
 functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed
 file can lead to an out-of-bounds read and type confusion, which could
 lead to code execution. An attacker can provide malicious input to trigger
 any of these vulnerabilities. An oob read vulnerability exists in
 Nef_S2/SM_io_parser.h SM_io_parser::read_vertex() set_face().
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985671
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_cgal:
upstream_cgal: released (5.2-3)
trusty/esm_cgal: needs-triage
trusty_cgal: ignored (out of standard support)
xenial_cgal: ignored (out of standard support)
bionic_cgal: needs-triage
focal_cgal: needs-triage
impish_cgal: not-affected (5.2-3)
jammy_cgal: not-affected
devel_cgal: not-affected