CVE-2020-35636
Description
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in CGAL's Nef polygon parser allows code execution via a crafted file.
Vulnerability
The vulnerability resides in the Nef_S2/SNC_io_parser.h file within the SNC_io_parser::read_sface() function. When parsing a malformed .nef3 file, the code accesses sfh->volume() without proper bounds checking, leading to an out-of-bounds read and type confusion. This affects CGAL libcgal version 5.1.1 [1].
Exploitation
An attacker can exploit this by providing a specially crafted malformed .nef3 file. No authentication or user interaction beyond opening the file is required. The out-of-bounds read can be leveraged to cause type confusion, potentially leading to code execution [1].
Impact
Successful exploitation could allow arbitrary code execution in the context of the application using CGAL. The CVSSv3 score is 10.0 (Critical) with a network attack vector, low complexity, no privileges required, no user interaction, and changed scope [1].
Mitigation
Upgrade to CGAL version 5.4.1 or later, as recommended by Gentoo GLSA 202305-34 [2]. No workaround is available [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- CGAL/libcgaldescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- security.gentoo.org/glsa/202305-34mitrevendor-advisory
- lists.debian.org/debian-lts-announce/2022/12/msg00011.htmlmitremailing-list
- talosintelligence.com/vulnerability_reports/TALOS-2020-1225mitre
News mentions
0No linked articles in our index yet.