CVE-2020-28615: 
Linux Debian vulnerability analysis and mitigation

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. Specifically, an out-of-bounds read vulnerability exists in NefS2/SNCioparser.h SNCioparser::readvertex() vh->shalfedges_last(). A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution (Debian LTS, Debian Tracker).

The vulnerability exists in the Nef polygon-parsing code, specifically in the SNCioparser::readvertex() function within NefS2/SNCioparser.h. The issue occurs when reading vertex data, where the code fails to properly validate array indices before accessing them, leading to out-of-bounds memory reads. The vulnerability has been assigned CWE-129 and CWE-125 classifications, indicating improper validation of array indices (NVD CNA).

The vulnerability allows an attacker to trigger out-of-bounds memory reads and potentially achieve code execution through type confusion by providing specially crafted malformed input files. This could lead to arbitrary code execution in the context of the application processing the malicious Nef polygon data (Talos).

The vulnerability has been fixed in multiple versions across different distributions: CGAL 4.13-1+deb10u1 for Debian 10 Buster, version 5.4.1 and later for Gentoo, and version 5.2-3 for Debian Bullseye. Users are recommended to upgrade to the fixed versions (Debian LTS, Gentoo Security).