Debian 10: DLA-3226-1 Critical: Cgal Code Execution Issues
debian lts
December 6, 2022
When parsing files containing Nef polygon data, several memory access violations may happen
Topics Covered
Summary
CVE-2020-28601
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.
CVE-2020-28602
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser
Halfedge_of[].
CVE-2020-28603
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: cgal
Version: 4.13-1+deb10u1
CVE ID: CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
Debian Bug: 985671
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!