CVE-2020-28607: 
Linux Debian vulnerability analysis and mitigation

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. The vulnerability (CVE-2020-28607) specifically involves an out-of-bounds read vulnerability in Nef2/PMioparser.h PMioparser::readface() sethalfedge(). A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution ([Talos Intelligence](https://talosintelligence.com/vulnerabilityreports/TALOS-2020-1225), NVD).

The vulnerability exists in the file reading procedure where the PMioparser::readface() function attempts to set the halfedge without proper bounds checking. When processing a specially crafted file, the code fails to validate array indices before accessing them, leading to out-of-bounds memory access. This vulnerability is part of a larger set of similar issues in the CGAL library's Nef polygon parsing code, where input validation is insufficient before performing memory operations ([Talos Intelligence](https://talosintelligence.com/vulnerabilityreports/TALOS-2020-1225)).

The vulnerability can lead to code execution when processing maliciously crafted input files. An attacker who can provide malicious input to an application using the affected CGAL library version can potentially execute arbitrary code in the context of the current process (Debian LTS).

The vulnerability has been addressed in newer versions of CGAL. Users are recommended to upgrade to a patched version. For Debian 10 (buster), the fix was released in version 4.13-1+deb10u1. Gentoo users should upgrade to version 5.4.1 or later (Debian LTS, Gentoo Security).