CVE-2024-23949

2024-05-2814:02:41

CWE-787

talos

github.com

array index validation

libigl v2.5.0

readmsh

out-of-bounds write

specially crafted

.msh file

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.3%

JSON

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the igl::MshLoader::parse_node_field function while handling an ascii.msh` file.

CNA Affected

[
  {
    "vendor": "libigl",
    "product": "libigl",
    "versions": [
      {
        "status": "affected",
        "version": "v2.5.0"
      }
    ]
  }
]