CVE-2020-35630

2022-04-1816:56:41

CWE-129

talos

www.cve.org

cve-2020-35630

code execution

vulnerabilities

nef polygon

cgal libcgal

out-of-bounds read

type confusion

malicious input

oob read

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.005

Percentile

76.7%

JSON

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().

CNA Affected

[
  {
    "vendor": "CGAL Project",
    "product": "libcgal",
    "versions": [
      {
        "version": "CGAL-5.1.1",
        "status": "affected"
      }
    ]
  }
]