CVE-2020-28619 in CGAL

Summary

by MITRE • 04/18/2022

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().


Analysis

by VulDB Data Team • 06/21/2026

The vulnerability described represents a critical security flaw within the computational geometry library CGAL, specifically within its polygon-parsing functionality that handles Nef polygons. This class of vulnerability falls under the Common Weakness Enumeration category CWE-125 for out-of-bounds read conditions and CWE-476 for null pointer dereference scenarios that can lead to type confusion. The issue manifests in the Nef_S2/SNC_io_parser.h file within the SNC_io_parser<EW>::read_edge() function where the execution flow encounters an out-of-bounds read condition when processing the eh->twin() operation. This particular code path demonstrates how malformed input can cause memory access violations that bypass normal program execution boundaries.

The technical exploitation of this vulnerability occurs through the manipulation of input data that the CGAL library uses to parse polygonal structures within the Nef geometry framework. When an attacker supplies a specially crafted malformed file, the parsing routine fails to properly validate the input structure, leading to memory corruption that can be leveraged for code execution. The out-of-bounds read vulnerability specifically targets the twin() method invocation within the edge handling mechanism, where the library attempts to access memory locations beyond the allocated bounds of the data structure. This type of vulnerability can be classified under the ATT&CK framework as a code injection technique, specifically targeting memory corruption vulnerabilities in third-party libraries that are widely used in computational geometry applications.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it creates a potential pathway for remote code execution on systems that utilize CGAL for processing user-supplied geometric data. Applications that depend on CGAL for polygon operations, including CAD software, geographic information systems, and computational geometry tools, could be compromised if they process untrusted input without proper validation. The vulnerability affects CGAL version 5.1.1 specifically, indicating that this is a regression or newly discovered flaw within the library's polygon parsing infrastructure. The memory corruption resulting from the out-of-bounds read can lead to unpredictable program behavior, potentially allowing attackers to execute arbitrary code with the privileges of the affected application. This makes the vulnerability particularly dangerous in environments where CGAL is used to process untrusted data from external sources.

Mitigation strategies for this vulnerability should focus on input validation and boundary checking within the CGAL library itself, as well as proper sandboxing of polygon parsing operations in applications that process external data. The recommended approach includes implementing comprehensive input sanitization routines that validate polygon structure before processing, utilizing memory safety features such as address sanitizers, and applying patches from the CGAL development team as soon as they become available. Organizations should also consider employing runtime monitoring tools that can detect anomalous memory access patterns and implement network segmentation to limit the potential impact of successful exploitation attempts. The vulnerability underscores the importance of proper input validation in mathematical and geometric computing libraries, as these components often handle complex data structures that can be easily corrupted through malformed input sequences.
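The mitigation paragraph above recommends validating the polygon structure before any of it is dereferenced. The following C++ is an added illustration of that pattern and is not CGAL code: it uses a constructed toy edge format ("edges <n>" followed by "<id> <twin_id>" lines, a hypothetical format chosen for the example, not CGAL's Nef file format) in which each edge record references its twin by index, exactly the kind of cross-reference that becomes an out-of-bounds read if the parser trusts it. The parser rejects truncated input, caps the declared count so an untrusted header cannot force a huge allocation, and checks that every twin index is in range and symmetric before anything follows the link. The names `Edge`, `parse_edges`, `twin_of` and the sample strings are all assumptions for this example.

```cpp
#include <cstddef>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical edge record for this example (not CGAL's data structure).
// Input format (constructed): "edges <n>" then n lines of "<id> <twin_id>".
struct Edge {
    std::size_t id;
    std::size_t twin;
};

// Upper bound on the edge count taken from an untrusted header, so a
// malformed file cannot make us reserve an arbitrary amount of memory.
constexpr std::size_t kMaxEdges = 1u << 20;

// Parses the text and returns std::nullopt on any structural problem.
// Validation is finished before a single twin link is followed.
std::optional<std::vector<Edge>> parse_edges(const std::string& text) {
    std::istringstream in(text);
    std::string keyword;
    std::size_t count = 0;
    if (!(in >> keyword >> count) || keyword != "edges") return std::nullopt;
    if (count > kMaxEdges) return std::nullopt;          // untrusted size

    std::vector<Edge> edges;
    edges.reserve(count);
    for (std::size_t i = 0; i < count; ++i) {
        Edge e{};
        if (!(in >> e.id >> e.twin)) return std::nullopt;  // truncated input
        if (e.id != i) return std::nullopt;                 // ids must be 0..n-1 in order
        edges.push_back(e);
    }

    // Second pass over the complete table: every twin reference must name an
    // existing edge other than itself, and the relation must be symmetric.
    for (const Edge& e : edges) {
        if (e.twin >= edges.size()) return std::nullopt;       // out-of-range index
        if (e.twin == e.id) return std::nullopt;               // self-twin
        if (edges[e.twin].twin != e.id) return std::nullopt;   // asymmetric pair
    }
    return edges;
}

// Follows the twin link of edge i. Safe only because parse_edges has already
// rejected any table with an invalid index; at() adds a last-line bounds check.
std::size_t twin_of(const std::vector<Edge>& edges, std::size_t i) {
    return edges.at(i).twin;
}

// Constructed sample inputs for the example.
const std::string kGoodInput = "edges 4\n0 1\n1 0\n2 3\n3 2\n";
const std::string kBadInput  = "edges 2\n0 1\n1 7\n";   // twin 7 does not exist
const std::string kTruncated = "edges 3\n0 1\n1 0\n";   // header promises 3, file has 2

bool good_input_parses()  { return parse_edges(kGoodInput).has_value(); }
bool bad_input_rejected() { return !parse_edges(kBadInput).has_value(); }
bool truncated_rejected() { return !parse_edges(kTruncated).has_value(); }
```

The point of the two-pass structure is that a reference-by-index can only be checked once the referenced table is complete, so the parser must not dereference twins while still reading records. Building with `-fsanitize=address` while fuzzing such a parser with malformed files is the cheap way to confirm that no remaining path reads past the table.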

Responsible

Talos

Reservation

11/13/2020

Disclosure

04/18/2022

Moderation

accepted

CPE

ready

EPSS

0.02191

KEV

no

Activities

very low

Sources
