VYPR
Unrated severityNVD Advisory· Published May 28, 2024· Updated Feb 13, 2025

CVE-2024-24684

CVE-2024-24684

Description

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the header parsing occuring while processing an .off file via the readOFF function.

We can see above that at [0] a stack-based buffer called comment is defined with an hardcoded size of 1000 bytes. The call to fscanf at [1] is unsafe and if the first line of the header of the .off files is longer than 1000 bytes it will overflow the header buffer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Libgd/Libiglllm-fuzzy2 versions
    = 2.5.0+ 1 more
    • (no CPE)range: = 2.5.0
    • (no CPE)range: v2.5.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.