
Bug 774261 (CVE-2020-28601, CVE-2020-28602, CVE-2020-28603, CVE-2020-28604, CVE-2020-28605, CVE-2020-28606, CVE-2020-28607, CVE-2020-28608, CVE-2020-28610, CVE-2020-28611, CVE-2020-28612, CVE-2020-28613, CVE-2020-28614, CVE-2020-28615, CVE-2020-28616, CVE-2020-28617, CVE-2020-28618, CVE-2020-28619, CVE-2020-28620, CVE-2020-28621, CVE-2020-28622, CVE-2020-28623, CVE-2020-28624, CVE-2020-28625, CVE-2020-28626, CVE-2020-28627, CVE-2020-28628, CVE-2020-28629, CVE-2020-28630, CVE-2020-28631, CVE-2020-28632, CVE-2020-28633, CVE-2020-28634, CVE-2020-28635, CVE-2020-28636, CVE-2020-35628, CVE-2020-35629, CVE-2020-35630, CVE-2020-35631, CVE-2020-35632, CVE-2020-35633, CVE-2020-35634, CVE-2020-35635, CVE-2020-35636)

Summary: <sci-mathematics/cgal-5.4.1: multiple vulnerabilities (CVE-2020-{28601,28636,35628,35636})
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS
Severity: major
CC: gentoo, proxy-maint, sci-mathematics
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Whiteboard: B1 [stable]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-03-05 04:59:17 UTC
CVE-2020-28601:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-28636:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin(). An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35628:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35636:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.


The CVE text says 5.1.1 is vulnerable but I can't find where this might've
been fixed in the 5.2 branch, so [upstream] for now.
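
The out-of-bounds reads described in these CVE entries come down to a value from the input file being used to index a lookup table such as Face_of[] without a range check. The sketch below is an added illustration, not CGAL's code or its upstream fix: the record format, the `ToyMap` types, `kMaxElements` and all function names are constructed for this example, and only the `Face_of` name is borrowed from the CVE text.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Toy stand-ins constructed for this example; these are not CGAL types.
struct Face   { int mark = 0; };
struct Vertex { Face* face = nullptr; };
struct ToyMap {
    std::vector<Face>   faces;
    std::vector<Vertex> vertices;
};

// Upper bound on element counts accepted from a file (assumed policy value).
constexpr std::size_t kMaxElements = 1u << 20;

// Unchecked pattern: both indices come straight from the file, so a
// malformed record makes Face_of[f] read past the end of the table.
bool read_vertex_unchecked(std::istream& in, ToyMap& m,
                           const std::vector<Face*>& Face_of) {
    std::size_t v = 0, f = 0;
    if (!(in >> v >> f)) return false;
    m.vertices[v].face = Face_of[f];          // no range check
    return true;
}

// Hardened pattern: reject the record before any table lookup happens.
bool read_vertex_checked(std::istream& in, ToyMap& m,
                         const std::vector<Face*>& Face_of) {
    std::size_t v = 0, f = 0;
    if (!(in >> v >> f)) return false;        // truncated or non-numeric
    if (v >= m.vertices.size() || f >= Face_of.size()) {
        in.setstate(std::ios_base::failbit);  // mark the stream as bad input
        return false;
    }
    m.vertices[v].face = Face_of[f];
    return true;
}

// Toy format: "<vertex count> <face count>" followed by one
// "<vertex index> <face index>" record per vertex.
bool parse_toy_map(const std::string& text, ToyMap& m) {
    std::istringstream in(text);
    std::size_t vn = 0, fn = 0;
    if (!(in >> vn >> fn) || vn > kMaxElements || fn > kMaxElements)
        return false;
    m.vertices.assign(vn, Vertex{});
    m.faces.assign(fn, Face{});
    std::vector<Face*> Face_of(fn);           // index -> object table
    for (std::size_t i = 0; i < fn; ++i) Face_of[i] = &m.faces[i];
    for (std::size_t i = 0; i < vn; ++i)
        if (!read_vertex_checked(in, m, Face_of)) return false;
    return true;
}

int main() {
    ToyMap ok, bad;
    // Constructed inputs: a well-formed map, then one with face index 7 of 2.
    std::cout << parse_toy_map("2 2\n0 1\n1 0\n", ok)  << '\n';
    std::cout << parse_toy_map("2 2\n0 7\n1 0\n", bad) << '\n';
}
```

`read_vertex_unchecked` is kept only for contrast and is never called; `parse_toy_map` uses the checked reader and also caps the declared counts before allocating.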
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:12:27 UTC
Package list is empty or all packages have requested keywords.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-30 23:10:26 UTC
CVE-2020-35633:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35634:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35635:

A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-19 02:17:57 UTC
CVE-2020-28610 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_face().

CVE-2020-28611 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SM_io_parser.h SM_io_parser<Decorator_>::read_vertex() set_first_out_edge().

CVE-2020-28612 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_begin().

CVE-2020-28613 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->svertices_last().

CVE-2020-28614 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_begin().

CVE-2020-28602 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].

CVE-2020-28603 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev().

CVE-2020-28604 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_next().

CVE-2020-28605 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_vertex().

CVE-2020-28606 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_face().

CVE-2020-28607 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() set_halfedge().

CVE-2020-28608 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_face() store_fc().
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-19 02:18:44 UTC
CVE-2020-28615 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfedges_last().

CVE-2020-28616 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_begin().

CVE-2020-28617 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last().

CVE-2020-28618 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->shalfloop().

CVE-2020-28619 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->twin().

CVE-2020-28620 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->center_vertex().

CVE-2020-28621 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->out_sedge().

CVE-2020-28622 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_edge() eh->incident_sface().

CVE-2020-28623 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->twin().

CVE-2020-28624 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SEdge_of.

CVE-2020-28625 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->boundary_entry_objects SLoop_of.

CVE-2020-28626 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_facet() fh->incident_volume().

CVE-2020-28627 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects().

CVE-2020-28628 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() seh->twin().

CVE-2020-28629 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->sprev().

CVE-2020-28630 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->snext().

CVE-2020-28631 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->source().

CVE-2020-28632 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->incident_sface().

CVE-2020-28633 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->prev().

CVE-2020-28634 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->next().

CVE-2020-28635 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet().
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-19 02:19:46 UTC
CVE-2020-35631 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle().

CVE-2020-35632 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of.

CVE-2020-35630 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex().

CVE-2020-35629 (https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225):

Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet().
Comment 11 Larry the Git Cow gentoo-dev 2022-06-08 22:14:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=97dbb5e8a5cbb9fff34feeec58f9ee2f5ea5d02a

commit 97dbb5e8a5cbb9fff34feeec58f9ee2f5ea5d02a
Author:     Matthias Maier <tamiko@gentoo.org>
AuthorDate: 2022-06-08 22:13:48 +0000
Commit:     Matthias Maier <tamiko@gentoo.org>
CommitDate: 2022-06-08 22:13:48 +0000

    sci-mathematics/cgal: drop 5.1-r2, 5.2-r2, 5.2.2-r1
    
    Bug: https://bugs.gentoo.org/774261
    Signed-off-by: Matthias Maier <tamiko@gentoo.org>

 sci-mathematics/cgal/Manifest             |  6 ---
 sci-mathematics/cgal/cgal-5.1-r2.ebuild   | 79 -------------------------------
 sci-mathematics/cgal/cgal-5.2-r2.ebuild   | 77 ------------------------------
 sci-mathematics/cgal/cgal-5.2.2-r1.ebuild | 77 ------------------------------
 4 files changed, 239 deletions(-)
Comment 12 Matthias Maier gentoo-dev 2022-06-08 22:14:50 UTC
CGAL is a library for scientific computation.

I am a bit at a loss why this library received a security audit and who filed for CVEs for it.

Let me put it bluntly: If we were to treat such input sanitation errors of scientific software as security vulnerabilities in Gentoo then I would say let's "last rite" all of the sci-* libraries and software immediately.

@security: Please reassess and modify severity - or close.

Anyway, CGAL 5.4.1 has been pushed to the tree. I have also dropped vulnerable versions and will ask for an emergency stabilization within 48h.
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-09 02:40:46 UTC
Just for posterity, we discussed this on IRC a bit:

22:18 <@ajak> i'd like to track all cves that affect our stuff so we can consistently point people to bugzilla when they come to us like 'why haven't you fixed CVE-xxxx...?!'
22:18 <@sam_> no, I know, but it's useful to be able to look up a CVE in our Bugzilla even if we close a bug or something, to know that we've dealt with it
22:19 <@tamiko> Then give the bug a severity rating that correctly reflects the situation.
22:19 <@ajak> you're referring to the "major" on cgal?
22:19 <@tamiko> B1 - Importance major
22:19 <@tamiko> Yes.
22:20 <@ajak> i indiscriminately set those to whatever the impact seems to be according to https://www.gentoo.org/support/security/vulnerability-treatment-policy.html
22:20 <@ajak> i don't think we should be making judgement calls on whether something is "really" a risk to users or not, we can just fix stuff
22:21 <@ajak> so while the vulnerability treatment policy badly needs an update, i think the best we can do is just track everything and let maintainers handle accordingly
...
22:22 <@sam_> but I suppose the real fix is "go tell upstream to dispute the CVEs"
22:23 <@ajak> i don't think people pay much attention to the severity in any case