CVE-2020-28606: 
Linux Debian vulnerability analysis and mitigation

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. The vulnerability, identified as CVE-2020-28606, was disclosed and involves an out-of-bounds read vulnerability in Nef2/PMioparser.h PMioparser::readhedge() e->setface(). A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution ([Talos](https://talosintelligence.com/vulnerabilityreports/TALOS-2020-1225)).

The vulnerability is characterized by an out-of-bounds read in the Nef2/PMioparser.h file, specifically in the PMioparser::readhedge() e->set_face() function. The CVSS v3.1 base score is 8.8 HIGH according to NVD, while Talos rates it at 10.0 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability is classified under CWE-129 (Improper Validation of Array Index) and CWE-125 (Out-of-bounds Read) (NVD).

The vulnerability can lead to code execution if successfully exploited. When parsing files containing Nef polygon data, the out-of-bounds read and type confusion vulnerabilities could allow an attacker to execute arbitrary code through specially crafted malformed files (Debian LTS).

For Debian 10 (buster), the vulnerability has been fixed in version 4.13-1+deb10u1. Gentoo users should upgrade to version 5.4.1 or later. The recommended action is to upgrade the CGAL packages to their latest patched versions (Debian LTS, Gentoo).