CVE-2020-35636

Published: 04 March 2021

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. The flaw is an out-of-bounds read at sfh->volume() in SNC_io_parser::read_sface() (Nef_S2/SNC_io_parser.h). A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: cgal (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Released (5.2-3)
Ubuntu 21.10 (Impish Indri)        Not vulnerable (5.2-3)
Ubuntu 21.04 (Hirsute Hippo)       Needed
Ubuntu 20.04 LTS (Focal Fossa)     Needs triage
Ubuntu 18.04 LTS (Bionic Beaver)   Needs triage
Ubuntu 16.04 ESM (Xenial Xerus)    Ignored (end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr)     Needs triage