CVE-2020-35633
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
Se presenta una vulnerabilidad de ejecución de código en la funcionalidad Nef polygon-parsing de CGAL libcgal versión CGAL-5.1.1. Se presenta una vulnerabilidad de lectura en el archivo Nef_S2/SNC_io_parser.h en la función SNC_io_parser(EW)::read_sface() store_sm_boundary_item() Edge_of. Un archivo malformado especialmente diseñado puede conllevar a una lectura fuera de límites y una confusión de tipo, lo que podría conllevar a una ejecución de código. Un atacante puede proporcionar una entrada maliciosa para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2021-08-30 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-129: Improper Validation of Array Index
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202305-34 | 2023-05-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cgal Search vendor "Cgal" | Computational Geometry Algorithms Library Search vendor "Cgal" for product "Computational Geometry Algorithms Library" | 5.1.1 Search vendor "Cgal" for product "Computational Geometry Algorithms Library" and version "5.1.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|