CVE-2020-35633 — Vulnetix

CVE-2020-35633 PUBLISHED

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

EPSS 0.39% · 60.7th percentile

Risk Scores

EPSS Score

0.39%

60.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	cgal	4.2-5ubuntu1, 4.2-4ubuntu2, 4.2-4ubuntu1
Ubuntu:20.04:LTS	cgal	0, 4.14-5, 5.0.2-3
Ubuntu:18.04:LTS	cgal	4.9-1build2, 0, 4.11-2
Ubuntu:16.04:LTS	cgal	4.7-3, 4.7-4, 4.6.1-2ubuntu6

Exploit Intelligence

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 (nist-nvd)
[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update (circl)
GLSA-202305-34 (circl)

Timeline

Aug 30, 2021 CVE Published
Aug 31, 2021 EPSS Score
Oct 28, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 21, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 17, 2022 EPSS Score
Aug 15, 2022 EPSS Score
Oct 12, 2022 EPSS Score
Dec 9, 2022 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-35633 third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 third-party-advisory
https://github.com/CGAL/cgal/pull/5371 third-party-advisory
https://github.com/CGAL/cgal/issues/5514 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-35633 third-party-advisory

Open in Interactive Console →