CVE-2020-28623 in CGALinfo

Summary

by MITRE • 04/18/2022

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser&lt;EW&gt;::read_facet() fh-&gt;twin().

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

Talos

Reservation

11/13/2020

Disclosure

04/18/2022

Moderation

accepted

Entry

VDB-197604

CPE

ready

CWE

CWE-129 (confirmed)

CVSS

10.0 (CNA)

EPSS

0.02224

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-28623
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-28623
CVE Details	https://www.cvedetails.com/cve/CVE-2020-28623/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!