Ubuntu.comUB:CVE-2020-35635CVE-2020-35635
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
81.2%
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A
specially crafted malformed file can lead to an out-of-bounds read and type
confusion, which could lead to code execution. An attacker can provide
malicious input to trigger this vulnerability.
Notes
| Author | Note |
|---|---|
| pfsmorigo | possible regression introduced by fix, see GH issue 5514 |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
81.2%