CVE-2020-28617 — Vulnetix

CVE-2020-28617 PUBLISHED

Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().

EPSS 0.58% · 69.3th percentile

Risk Scores

EPSS Score

0.58%

69.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	cgal	0, 4.14-5, 5.0.2-1ubuntu1
Ubuntu:14.04:LTS	cgal	4.2-5ubuntu1, 4.2-4ubuntu2, 0
Ubuntu:16.04:LTS	cgal	0, 4.7-3, 4.7-4
Ubuntu:18.04:LTS	cgal	0, 4.9-1build2, 4.11-2

Exploit Intelligence

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 (nist-nvd)
[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update (circl)
GLSA-202305-34 (circl)

Timeline

Apr 18, 2022 CVE Published
Apr 19, 2022 EPSS Score
Apr 23, 2022 EPSS Score
Jun 8, 2022 EPSS Score
Sep 17, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Dec 26, 2022 EPSS Score
Feb 14, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 25, 2023 EPSS Score
Jul 14, 2023 EPSS Score
Sep 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-28617 third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-28617 third-party-advisory

Open in Interactive Console →