CVE-2020-35636 in libcgal

Summary

by MITRE • 03/05/2021

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.


Analysis

by VulDB Data Team • 03/28/2021

The vulnerability CVE-2020-35636 represents a critical code execution flaw within the Computational Geometry Algorithms Library (CGAL) version 5.1.1, specifically within its Nef polygon-parsing functionality. This issue manifests as an out-of-bounds read condition that occurs during the parsing of Nef polyhedra, which are used to represent planar subdivisions with holes and complex topological structures. The vulnerability is embedded within the SNC_io_parser::read_sface() function located in the Nef_S2/SNC_io_parser.h file, making it accessible through the library's input parsing mechanisms for geometric data.

The technical flaw stems from insufficient bounds checking during the parsing of surface faces within the Nef polyhedral structure. When SNC_io_parser processes input data representing geometric regions, read_sface() reads memory beyond the allocated buffer boundaries while reading the volume component of a surface face (sfh->volume()). An attacker can reach this path with a crafted input file containing specially formatted geometric data, so the weakness is one of memory safety in the library's handling of malformed input.

The operational impact of this vulnerability is severe, as it enables remote code execution when the affected library processes untrusted geometric input data. Attackers can construct malicious polygonal data structures that, when parsed by the vulnerable CGAL library, cause the application to execute arbitrary code with the privileges of the victim process. This makes the vulnerability particularly dangerous in applications that process user-provided geometric data, such as CAD software, geographic information systems, or any other system that depends on CGAL 5.1.1 for computational geometry operations, since compromising the library compromises the whole application built on it.

Mitigation strategies for CVE-2020-35636 involve immediate upgrading to CGAL version 5.1.2 or later, which contains the necessary patches to address the out-of-bounds read condition. Organizations should also implement input validation and sanitization measures when processing geometric data, ensuring that all external inputs are properly validated before being parsed by the CGAL library. Additionally, deploying defensive programming practices such as bounds checking, memory safety validations, and runtime input constraints can help reduce the attack surface. The vulnerability aligns with CWE-129, which addresses improper validation of array indices, and may be categorized under ATT&CK technique T1059 for execution through malicious code injection, highlighting the need for comprehensive security measures in computational geometry software.
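As an added illustration (not CGAL's code and not the upstream fix), the following simplified C++ parser models the flaw class described above: an sface record carries a volume index taken from the input, and the hardened parser validates that index against the volume table built from the same input before it is ever dereferenced. The text format, type names, record cap and helper functions are assumptions made for this example.

```cpp
#include <cstddef>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical text format modelled on the advisory (not CGAL's real format):
//   volumes <n>
//   sface <id> <volume_index>   (one line per sface)
struct Volume { std::size_t id; };
struct SFace  { int id; std::size_t volume; };   // index into Snc::volumes
struct Snc    { std::vector<Volume> volumes; std::vector<SFace> sfaces; };

// Flaw class from the advisory: an index taken from the file is used directly to
// address the volume table, so a crafted index reads past the end of the table.
const Volume& volume_of_unchecked(const Snc& s, const SFace& f) {
    return s.volumes[f.volume];                 // no bounds check: out-of-bounds read
}

// Hardened parser: every index read from the input is validated against the
// table actually built from the same input, and malformed records are rejected.
std::optional<Snc> parse_snc(const std::string& text) {
    std::istringstream in(text);
    std::string tag; long long n = 0;
    const long long kMaxVolumes = 1000000;     // assumed resource cap for untrusted input
    if (!(in >> tag >> n) || tag != "volumes" || n < 0 || n > kMaxVolumes) return std::nullopt;
    Snc s;
    for (long long i = 0; i < n; ++i) s.volumes.push_back(Volume{static_cast<std::size_t>(i)});
    long long id = 0, vidx = 0;
    while (in >> tag) {
        if (tag != "sface" || !(in >> id >> vidx)) return std::nullopt;   // malformed record
        if (vidx < 0 || static_cast<unsigned long long>(vidx) >= s.volumes.size())
            return std::nullopt;                // out-of-range volume index: reject the input
        s.sfaces.push_back(SFace{static_cast<int>(id), static_cast<std::size_t>(vidx)});
    }
    return s;
}

// Checked lookup: .at() throws instead of reading out of bounds if an index slips through.
const Volume& volume_of(const Snc& s, const SFace& f) {
    return s.volumes.at(f.volume);
}
```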

Reservation: 12/22/2020

Disclosure: 03/05/2021

Moderation: accepted

CPE: ready

EPSS: 0.03265

KEV: no

Activities: very low
