CVE-2020-28630: 
Linux Debian vulnerability analysis and mitigation

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. The vulnerability, identified as CVE-2020-28630, was discovered in the NefS2/SNCioparser.h component, specifically in the SNCioparser::readsedge() seh->snext() function. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution (Talos Report).

The vulnerability stems from improper validation of array indices in the Nef polygon-parsing code. The issue specifically occurs in the NefS2/SNCioparser.h file within the SNCioparser::readsedge() function when accessing seh->snext(). The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) by NVD, while Talos assigned it a CVSS v3.0 score of 10.0 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability is classified under CWE-129 (Improper Validation of Array Index) and CWE-125 (Out-of-bounds Read) (NVD).

The vulnerability allows an attacker to potentially execute arbitrary code by providing malicious input that triggers an out-of-bounds read and type confusion. This could lead to complete system compromise with the privileges of the application processing the malformed Nef polygon data (Talos Report).

The vulnerability has been addressed in subsequent versions of CGAL. Debian 10 (buster) users should upgrade to version 4.13-1+deb10u1, while Gentoo users should upgrade to version 5.4.1 or later. The fixes have also been implemented in other distributions, including bullseye (5.2-3), bookworm (5.5.1-2), and trixie/sid (6.0.1-1) (Debian Advisory, Gentoo Advisory).