CVE-2024-23951

2024-05-2814:02:41

CWE-787

talos

www.cve.org

cve-2024-23951

improper array index validation

out-of-bounds write

libigl

mshloader

parse_element_field

ascii.msh file

security vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the igl::MshLoader::parse_element_field function while handling an ascii.msh` file.

CNA Affected

[
  {
    "vendor": "libigl",
    "product": "libigl",
    "versions": [
      {
        "version": "v2.5.0",
        "status": "affected"
      }
    ]
  }
]