Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2020-28626

HistoryApr 18, 2022 - 5:15 p.m.

CVE-2020-28626

2022-04-1817:15:13

Debian Security Bug Tracker

security-tracker.debian.org

cve-2020-28626

nef polygon-parsing

code execution

vulnerabilities

cgal libcgal

type confusion

malicious input

oob read

specially crafted file

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%

JSON

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().

OSVersionArchitecturePackageVersionFilename
Debian12allcgal< 5.2-3cgal_5.2-3_all.deb
Debian11allcgal< 5.2-3cgal_5.2-3_all.deb
Debian999allcgal< 5.2-3cgal_5.2-3_all.deb
Debian13allcgal< 5.2-3cgal_5.2-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cgal	< 5.2-3	cgal_5.2-3_all.deb
Debian	11	all	cgal	< 5.2-3	cgal_5.2-3_all.deb
Debian	999	all	cgal	< 5.2-3	cgal_5.2-3_all.deb
Debian	13	all	cgal	< 5.2-3	cgal_5.2-3_all.deb