CVE-2020-28631: 
Linux Debian vulnerability analysis and mitigation

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger these vulnerabilities. Specifically, an out-of-bounds read vulnerability exists in NefS2/SNCioparser.h SNCioparser::readsedge() seh->source() (NVD, Talos).

The vulnerability affects the Nef polygon parsing code in CGAL, particularly in the NefS2/SNCioparser.h file. The issue occurs in the SNCioparser::readsedge() function when accessing seh->source(). The vulnerability has been assigned a CVSS v3.1 base score of 8.8 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H by NVD, while Talos assigned it a CVSS v3.0 score of 10.0 CRITICAL with vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to achieve code execution through out-of-bounds read and type confusion by providing specially crafted malformed input files. This could potentially lead to full system compromise depending on the context in which CGAL is being used (Talos).

The vulnerability has been fixed in subsequent releases. Debian 10 (buster) users should upgrade to version 4.13-1+deb10u1. Gentoo users should upgrade to version 5.4.1 or later. For systems where upgrading is not immediately possible, there are no known workarounds (Debian LTS, Gentoo).