Debian LTS: DLA-3226-1: cgal security update
Summary
CVE-2020-28601
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.
CVE-2020-28602
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
Halfedge_of[].
CVE-2020-28603
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28604
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28605
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read exists in
Nef_2/PM_io_parser.h PM_io_parser
e->set_vertex().
CVE-2020-28606
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28607
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28608
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28609
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
CVE-2020-28610
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser
set_face().
CVE-2020-28611
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser
set_first_out_edge().
CVE-2020-28612
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->svertices_begin().
CVE-2020-28613
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->svertices_last().
CVE-2020-28614
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->shalfedges_begin().
CVE-2020-28615
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->shalfedges_last().
CVE-2020-28616
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->sfaces_begin().
CVE-2020-28617
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->sfaces_last().
CVE-2020-28618
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
vh->shalfloop().
CVE-2020-28619
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28620
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
eh->center_vertex().
CVE-2020-28621
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
eh->out_sedge().
CVE-2020-28622
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
eh->incident_sface().
CVE-2020-28623
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28624
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
fh->boundary_entry_objects SEdge_of.
CVE-2020-28625
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
fh->boundary_entry_objects SLoop_of.
CVE-2020-28626
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
fh->incident_volume().
CVE-2020-28627
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
ch->shell_entry_objects().
CVE-2020-28628
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28629
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28630
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28631
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28632
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
seh->incident_sface().
CVE-2020-28633
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28634
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28635
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-28636
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin(). An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35628
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop()
slh->incident_sface. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35629
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
CVE-2020-35630
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
sfh->center_vertex().
CVE-2020-35631
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
SD.link_as_face_cycle().
CVE-2020-35632
Multiple code execution vulnerabilities exist in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
sfh->boundary_entry_objects Edge_of.
CVE-2020-35633
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
store_sm_boundary_item() Edge_of. A specially crafted malformed file
can lead to an out-of-bounds read and type confusion, which could
lead to code execution. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35634
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser
sfh->boundary_entry_objects Sloop_of. A specially crafted malformed
file can lead to an out-of-bounds read and type confusion, which
could lead to code execution. An attacker can provide malicious input
to trigger this vulnerability.
CVE-2020-35635
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB
read. A specially crafted malformed file can lead to an out-of-bounds
read and type confusion, which could lead to code execution. An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35636
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() sfh->volume() OOB read. A specially
crafted malformed file can lead to an out-of-bounds read and type
confusion, which could lead to code execution. An attacker can
provide malicious input to trigger this vulnerability.
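The entries above name lookup tables such as Face_of[] and Halfedge_of[] that are read out of bounds while a malformed file is parsed. As an added illustration (not CGAL's code and not the Debian patch), this simplified C++ model puts an unchecked table lookup beside a checked one; the file format, `Map`, `parse_map` and the count cap are assumptions made for the example.

```cpp
#include <cstddef>
#include <sstream>
#include <string>
#include <vector>

// Simplified model, not CGAL code: the file declares element counts, then
// each vertex record names its face by integer index into a lookup table.
struct Map {
    std::vector<int> face_mark;            // one entry per declared face
    std::vector<std::size_t> vertex_face;  // validated face index per vertex
};

// Unchecked lookup, the shape of a "Face_of[] OOB read": the index comes
// from the file and is never compared with the table size.
inline int face_of_unchecked(const std::vector<int>& Face_of, long i) {
    return Face_of[static_cast<std::size_t>(i)];  // undefined if out of range
}

// Checked lookup: negative or too-large indices are reported, not used.
inline bool face_of_checked(const std::vector<int>& Face_of, long i,
                            std::size_t& out) {
    if (i < 0 || static_cast<std::size_t>(i) >= Face_of.size()) return false;
    out = static_cast<std::size_t>(i);
    return true;
}

// Parses "<vertex count> <face count>" followed by one face index per
// vertex. Returns false on bad counts, truncated input, trailing data or a
// dangling index, and leaves `result` untouched in those cases.
bool parse_map(const std::string& text, Map& result) {
    const long kMaxElems = 1000000;  // assumed sanity cap on declared counts
    std::istringstream in(text);
    long vn = 0, fn = 0;
    if (!(in >> vn >> fn)) return false;
    if (vn < 0 || fn < 0 || vn > kMaxElems || fn > kMaxElems) return false;
    Map m;
    m.face_mark.assign(static_cast<std::size_t>(fn), 0);
    for (long v = 0; v < vn; ++v) {
        long idx = 0;
        std::size_t face = 0;
        if (!(in >> idx)) return false;                              // truncated record
        if (!face_of_checked(m.face_mark, idx, face)) return false;  // dangling index
        m.vertex_face.push_back(face);
    }
    std::string rest;
    if (in >> rest) return false;  // unexpected trailing data
    result = m;
    return true;
}
```

Rejecting the whole file on the first bad index keeps a half-built structure from ever reaching code that assumes every stored index is valid.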
For Debian 10 buster, these problems have been fixed in version
4.13-1+deb10u1.
We recommend that you upgrade your cgal packages.
For the detailed security status of cgal please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/cgal
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS