Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Debian 10: DLA-3226-1 Critical: Cgal Code Execution Issues

debian lts
Calendar Grey December 6, 2022
Scroller Debian Lts
Cgal patch released to mitigate various execution vulnerabilities in Debian. Update now to safeguard against potential attacks.
When parsing files containing Nef polygon data, several memory access violations may happen

Summary

CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.

CVE-2020-28602

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex()
Halfedge_of[].

CVE-2020-28603

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: cgal
Version: 4.13-1+deb10u1
CVE ID: CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
Debian Bug: 985671

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.