Debian Security Advisory
DLA-2649-1 cgal -- LTS security update
- Date Reported:
- 04 May 2021
- Affected Packages:
- cgal
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-28601, CVE-2020-28636, CVE-2020-35628, CVE-2020-35636.
- More information:
-
Four security issues have been discovered in cgal. A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL.
- CVE-2020-28601
An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.
- CVE-2020-28636
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.
- CVE-2020-35628
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
- CVE-2020-35636
An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.
For Debian 9 stretch, these problems have been fixed in version 4.9-1+deb9u1.
We recommend that you upgrade your cgal packages.
For the detailed security status of cgal please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cgal
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2020-28601