CVE-2020-28616

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-28616

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28616.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-28616

Related

Published

2022-04-18T17:15:13Z

Modified

2024-10-12T06:31:30.291026Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in NefS2/SNCioparser.h SNCioparser<EW>::readvertex() vh->sfaces_begin().

References

Affected packages

Debian:11 / cgal

Package

Name: cgal
Purl: pkg:deb/debian/cgal?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cgal

Package

Name: cgal
Purl: pkg:deb/debian/cgal?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cgal

Package

Name: cgal
Purl: pkg:deb/debian/cgal?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cgal/cgal

Affected ranges

Type: GIT
Repo: https://github.com/cgal/cgal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8b649c42a258e3db346f19cb3ae89eca5fea877d

Affected versions

4.*

4.14_branch_before_no_tws_nor_tabs

5.*

5.0_branch_before_no_tws_nor_tab

Other

master_before_no_tws_nor_tabs

releases/CGAL-3.*

releases/CGAL-3.9-beta1

releases/CGAL-4.*

releases/CGAL-4.0

releases/CGAL-4.10

releases/CGAL-4.10-beta1

releases/CGAL-4.10.1

releases/CGAL-4.10.2

releases/CGAL-4.11

releases/CGAL-4.11-beta1

releases/CGAL-4.11.1

releases/CGAL-4.11.2

releases/CGAL-4.11.3

releases/CGAL-4.12

releases/CGAL-4.12-beta1

releases/CGAL-4.12-beta2

releases/CGAL-4.12.1

releases/CGAL-4.12.2

releases/CGAL-4.13

releases/CGAL-4.13-beta1

releases/CGAL-4.13-beta2

releases/CGAL-4.13.1

releases/CGAL-4.13.2

releases/CGAL-4.14

releases/CGAL-4.14-beta1

releases/CGAL-4.14-beta2

releases/CGAL-4.14-beta3

releases/CGAL-4.14-beta4

releases/CGAL-4.14.1

releases/CGAL-4.14.2

releases/CGAL-4.14.3

releases/CGAL-4.2

releases/CGAL-4.2-beta1

releases/CGAL-4.3

releases/CGAL-4.3-beta1

releases/CGAL-4.3-scripts

releases/CGAL-4.4

releases/CGAL-4.4-beta1

releases/CGAL-4.5

releases/CGAL-4.5-beta1

releases/CGAL-4.5.1

releases/CGAL-4.5.2

releases/CGAL-4.6

releases/CGAL-4.6-beta1

releases/CGAL-4.6.1

releases/CGAL-4.6.2

releases/CGAL-4.6.3

releases/CGAL-4.7

releases/CGAL-4.7-beta1

releases/CGAL-4.7-beta2

releases/CGAL-4.7-branch-tip

releases/CGAL-4.8

releases/CGAL-4.8-beta1

releases/CGAL-4.8-beta2

releases/CGAL-4.8-branch-tip

releases/CGAL-4.8.1

releases/CGAL-4.8.2

releases/CGAL-4.9

releases/CGAL-4.9-beta1

releases/CGAL-4.9-branch-tip

releases/CGAL-4.9.1

releases/CGAL-5.*

releases/CGAL-5.0

releases/CGAL-5.0-beta1

releases/CGAL-5.0-beta2

releases/CGAL-5.0.1

releases/CGAL-5.0.2

releases/CGAL-5.0.3

releases/CGAL-5.1-beta1

releases/CGAL-5.1-beta2

v4.*

v4.14

v4.14.1

v4.14.2

v4.14.3

v4.14.x-tip

v5.*

v5.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1

v5.1-beta1

v5.1-beta2

v5.1.1