CVE-2020-28636
Description
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An out-of-bounds (OOB) read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin(). An attacker can provide malicious input to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in CGAL libcgal's Nef polygon-parsing code allows remote code execution via a crafted .nef3 file.
Vulnerability
An out-of-bounds read vulnerability exists in the function SNC_io_parser::read_sloop() (Nef_S2/SNC_io_parser.h) when processing the slh->twin() pointer in CGAL libcgal version 5.1.1. The bug resides in the Nef polygon-parsing functionality for 3D (Nef_3) and related modules (Nef_2, Nef_S2). A specially crafted malformed .nef3 file can trigger the out-of-bounds access, leading to type confusion and potential code execution [1].
Exploitation
An attacker with network access can provide a malicious .nef3 input file to an application using the CGAL library. No authentication or user interaction beyond loading the file is required [1]. The crafted input exploits improper validation of an array index (CWE-129) during the parsing of the Selective Nef Complex, resulting in an out-of-bounds read [1].
Impact
Successful exploitation allows arbitrary code execution in the context of the application using CGAL. This can lead to full confidentiality, integrity, and availability compromise (CVSSv3 base score 10.0). The scope is changed (S:C), meaning the attack can affect resources beyond the vulnerable component [1].
Mitigation
The fixed version is CGAL 5.4.1, released by the Gentoo project as a security update (GLSA 202305-34) [4]. Users should upgrade to CGAL 5.4.1 or later. No workaround is known at this time [4].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CGAL/libcgal (description)
Patches
No patches discovered yet.
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/ (mitre, vendor-advisory)
- security.gentoo.org/glsa/202305-34 (mitre, vendor-advisory)
- lists.debian.org/debian-lts-announce/2021/05/msg00002.html (mitre, mailing-list)
- lists.debian.org/debian-lts-announce/2022/12/msg00011.html (mitre, mailing-list)
- talosintelligence.com/vulnerability_reports/TALOS-2020-1225 (mitre)