CVE-2020-28610
Description
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An out-of-bounds read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read and type confusion in CGAL's Nef polygon parser (CGAL-5.1.1 and earlier) allows remote code execution via a crafted file.
Vulnerability
The vulnerability resides in the Nef polygon-parsing functionality of the CGAL library (libcgal) version CGAL-5.1.1 and possibly earlier versions [1]. Specifically, an out-of-bounds read and type confusion occurs in the SM_io_parser<Decorator_>::read_vertex() function within the file Nef_S2/SM_io_parser.h, when processing malformed .nef3 files. The attacker does not require any special privileges or authentication, as the parsing is triggerable by providing a crafted input file through network or local means [1].
Exploitation
An attacker can exploit this vulnerability by supplying a specially crafted .nef3 file to an application using CGAL's Nef polygon parsing. No user interaction beyond opening or processing the file is required. The out-of-bounds read and type confusion occur when reading vertex data during parsing, allowing the attacker to alter control flow [1].
Impact
Successful exploitation leads to arbitrary code execution with the permissions of the process using CGAL. Given the high CVSS score (10.0) [1], the impact includes complete compromise of confidentiality, integrity, and availability, with potential for privilege escalation depending on the application context.
Mitigation
The vendor (CGAL Project) has not released a specific patch for CVE-2020-28610 at the time of publication. However, the Gentoo Linux security advisory recommends upgrading to CGAL version 5.4.1 or later [2]. Users should update to the latest version if available, or apply any vendor-issued patches. No workaround is known [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CGAL Project/libcgal v5 (Range: CGAL-5.1.1)
Patches
No patches discovered yet.
References
- security.gentoo.org/glsa/202305-34 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2022/12/msg00011.html (mitre, mailing-list)
- talosintelligence.com/vulnerability_reports/TALOS-2020-1225 (mitre)