CVE-2020-35635 — Vulnetix

CVE-2020-35635 PUBLISHED

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

EPSS 0.88% · 75.7th percentile

Risk Scores

EPSS Score

0.88%

75.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	cgal	4.7-4, 0, 4.6.1-2ubuntu6
Ubuntu:14.04:LTS	cgal	0, 4.2-4ubuntu2, 4.2-5ubuntu1
Ubuntu:20.04:LTS	cgal	4.14-5, 5.0.2-3, 0
Ubuntu:18.04:LTS	cgal	0, 4.11-2, 4.11-2build1

Exploit Intelligence

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 (nist-nvd)
[debian-lts-announce] 20221206 [SECURITY] [DLA 3226-1] cgal security update (circl)
GLSA-202305-34 (circl)

Timeline

Aug 30, 2021 CVE Published
Aug 31, 2021 EPSS Score
Oct 28, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 21, 2022 EPSS Score
Apr 20, 2022 EPSS Score
Jun 17, 2022 EPSS Score
Aug 15, 2022 EPSS Score
Oct 12, 2022 EPSS Score
Feb 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-35635 third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 third-party-advisory
https://github.com/CGAL/cgal/pull/5371 third-party-advisory
https://github.com/CGAL/cgal/issues/5514 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-35635 third-party-advisory

Open in Interactive Console →