[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3226-1] cgal security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3226-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Helmut Grohne
December 06, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cgal
Version        : 4.13-1+deb10u1
CVE ID         : CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
                 CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608
                 CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612
                 CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616
                 CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620
                 CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624
                 CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628
                 CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632
                 CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636
                 CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631
                 CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635
                 CVE-2020-35636
Debian Bug     : 985671

When parsing files containing Nef polygon data, several memory access
violations may happen. Many of these allow code execution.

CVE-2020-28601

    A code execution vulnerability exists in the Nef polygon-parsing
    functionality of CGAL. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
    An attacker can provide malicious input to trigger this
    vulnerability.

CVE-2020-28602

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionality of CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex()
    Halfedge_of[].

CVE-2020-28603

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionality of CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().

CVE-2020-28604

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionality of CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().

CVE-2020-28605

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionality of CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge()
    e->set_vertex().

CVE-2020-28606

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().

CVE-2020-28607

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution.  An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().

CVE-2020-28608

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().

CVE-2020-28609

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_iv().

CVE-2020-28610

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex()
    set_face().

CVE-2020-28611

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex()
    set_first_out_edge().

CVE-2020-28612

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->svertices_begin().

CVE-2020-28613

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->svertices_last().

CVE-2020-28614

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->shalfedges_begin().

CVE-2020-28615

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->shalfedges_last().

CVE-2020-28616

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->sfaces_begin().

CVE-2020-28617

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->sfaces_last().

CVE-2020-28618

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex()
    vh->shalfloop().

CVE-2020-28619

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().

CVE-2020-28620

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
    eh->center_vertex():.

CVE-2020-28621

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
    eh->out_sedge().

CVE-2020-28622

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge()
    eh->incident_sface().

CVE-2020-28623

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().

CVE-2020-28624

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
    fh->boundary_entry_objects SEdge_of.

CVE-2020-28625

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
    fh->boundary_entry_objects SLoop_of.

CVE-2020-28626

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet()
    fh->incident_volume().

CVE-2020-28627

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume()
    ch->shell_entry_objects().

CVE-2020-28628

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().

CVE-2020-28629

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().

CVE-2020-28630

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().

CVE-2020-28631

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().

CVE-2020-28632

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge()
    seh->incident_sface().

CVE-2020-28633

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().

CVE-2020-28634

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().

CVE-2020-28635

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().

CVE-2020-28636

    A code execution vulnerability exists in the Nef polygon-parsing
    functionalityof CGAL. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An
    attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35628

    A code execution vulnerability exists in the Nef polygon-parsing
    functionalityof CGAL. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop()
    slh->incident_sface. An attacker can provide malicious input to
    trigger this vulnerability.

CVE-2020-35629

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().

CVE-2020-35630

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
    sfh->center_vertex().

CVE-2020-35631

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
    SD.link_as_face_cycle().

CVE-2020-35632

    Multiple code execution vulnerabilities exists in the Nef polygon-
    parsing functionalityof CGAL. A specially crafted malformed file can
    lead to an out-of-bounds read and type confusion, which could lead to
    code execution. An attacker can provide malicious input to trigger
    any of these vulnerabilities. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
    sfh->boundary_entry_objects Edge_of.

CVE-2020-35633

    A code execution vulnerability exists in the Nef polygon-parsing
    functionalityof CGAL. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
    store_sm_boundary_item() Edge_of.A specially crafted malformed file
    can lead to an out-of-bounds read and type confusion, which could
    lead to code execution. An attacker can provide malicious input to
    trigger this vulnerability.

CVE-2020-35634

    A code execution vulnerability exists in the Nef polygon-parsing
    functionalityof CGAL. An oob read vulnerability exists in
    Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface()
    sfh->boundary_entry_objects Sloop_of. A specially crafted malformed
    file can lead to an out-of-bounds read and type confusion, which
    could lead to code execution. An attacker can provide malicious input
    to trigger this vulnerability.

CVE-2020-35635

    A code execution vulnerability exists in the Nef polygon-parsing
    functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB
    read. A specially crafted malformed file can lead to an out-of-bounds
    read and type confusion, which could lead to code execution. An
    attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35636

    A code execution vulnerability exists in the Nef polygon-parsing
    functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sface() sfh->volume() OOB read. A specially
    crafted malformed file can lead to an out-of-bounds read and type
    confusion, which could lead to code execution. An attacker can
    provide malicious input to trigger this vulnerability.

For Debian 10 buster, these problems have been fixed in version
4.13-1+deb10u1.

We recommend that you upgrade your cgal packages.

For the detailed security status of cgal please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cgal

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature


Reply to: