Lucene search

Ubuntu.comUB:CVE-2020-28614

HistoryApr 18, 2022 - 12:00 a.m.

CVE-2020-28614

2022-04-1800:00:00

ubuntu.com

cve-2020-28614

cgal

nef polygon-parsing

code execution

out-of-bounds read

type confusion

malicious input

oob read vulnerability

debian

unix

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%

JSON

Multiple code execution vulnerabilities exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed
file can lead to an out-of-bounds read and type confusion, which could lead
to code execution. An attacker can provide malicious input to trigger any
of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
vh->shalfedges_begin().

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985671>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcgal< anyUNKNOWN
ubuntu20.04noarchcgal< anyUNKNOWN
ubuntu14.04noarchcgal< anyUNKNOWN
ubuntu16.04noarchcgal< anyUNKNOWN