CVE-2020-28608

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-28608
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28608.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-28608
Related
Published
2022-04-18T17:15:12Z
Modified
2024-10-12T06:30:30.364270Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An out-of-bounds (OOB) read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().

References

Affected packages

Debian:11 / cgal

Package

Name
cgal
Purl
pkg:deb/debian/cgal?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cgal

Package

Name
cgal
Purl
pkg:deb/debian/cgal?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cgal

Package

Name
cgal
Purl
pkg:deb/debian/cgal?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cgal/cgal

Affected ranges

Type
GIT
Repo
https://github.com/cgal/cgal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

4.*

4.14_branch_before_no_tws_nor_tabs

5.*

5.0_branch_before_no_tws_nor_tab

Other

master_before_no_tws_nor_tabs

releases/CGAL-3.*

releases/CGAL-3.9-beta1

releases/CGAL-4.*

releases/CGAL-4.0
releases/CGAL-4.10
releases/CGAL-4.10-beta1
releases/CGAL-4.10.1
releases/CGAL-4.10.2
releases/CGAL-4.11
releases/CGAL-4.11-beta1
releases/CGAL-4.11.1
releases/CGAL-4.11.2
releases/CGAL-4.11.3
releases/CGAL-4.12
releases/CGAL-4.12-beta1
releases/CGAL-4.12-beta2
releases/CGAL-4.12.1
releases/CGAL-4.12.2
releases/CGAL-4.13
releases/CGAL-4.13-beta1
releases/CGAL-4.13-beta2
releases/CGAL-4.13.1
releases/CGAL-4.13.2
releases/CGAL-4.14
releases/CGAL-4.14-beta1
releases/CGAL-4.14-beta2
releases/CGAL-4.14-beta3
releases/CGAL-4.14-beta4
releases/CGAL-4.14.1
releases/CGAL-4.14.2
releases/CGAL-4.14.3
releases/CGAL-4.2
releases/CGAL-4.2-beta1
releases/CGAL-4.3
releases/CGAL-4.3-beta1
releases/CGAL-4.3-scripts
releases/CGAL-4.4
releases/CGAL-4.4-beta1
releases/CGAL-4.5
releases/CGAL-4.5-beta1
releases/CGAL-4.5.1
releases/CGAL-4.5.2
releases/CGAL-4.6
releases/CGAL-4.6-beta1
releases/CGAL-4.6.1
releases/CGAL-4.6.2
releases/CGAL-4.6.3
releases/CGAL-4.7
releases/CGAL-4.7-beta1
releases/CGAL-4.7-beta2
releases/CGAL-4.7-branch-tip
releases/CGAL-4.8
releases/CGAL-4.8-beta1
releases/CGAL-4.8-beta2
releases/CGAL-4.8-branch-tip
releases/CGAL-4.8.1
releases/CGAL-4.8.2
releases/CGAL-4.9
releases/CGAL-4.9-beta1
releases/CGAL-4.9-branch-tip
releases/CGAL-4.9.1

releases/CGAL-5.*

releases/CGAL-5.0
releases/CGAL-5.0-beta1
releases/CGAL-5.0-beta2
releases/CGAL-5.0.1
releases/CGAL-5.0.2
releases/CGAL-5.0.3
releases/CGAL-5.1-beta1
releases/CGAL-5.1-beta2

v4.*

v4.14
v4.14.1
v4.14.2
v4.14.3
v4.14.x-tip

v5.*

v5.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1
v5.1-beta1
v5.1-beta2
v5.1.1