{"id":"CVE-2020-28601","details":"A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.","modified":"2026-04-10T04:26:16.088461Z","published":"2021-03-04T20:15:12.910Z","related":["MGASA-2021-0238","MGASA-2021-0239","openSUSE-SU-2024:10678-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-34"},{"type":"ADVISORY","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cgal/cgal","events":[{"introduced":"0"},{"last_affected":"8b649c42a258e3db346f19cb3ae89eca5fea877d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"5.1.1"}]}}],"versions":["master_before_no_tws_nor_tabs","releases/CGAL-3.9-beta1","releases/CGAL-4.0","releases/CGAL-4.10-beta1","releases/CGAL-4.11-beta1","releases/CGAL-4.12","releases/CGAL-4.12-beta1","releases/CGAL-4.12-beta2","releases/CGAL-4.13","releases/CGAL-4.13-beta1","releases/CGAL-4.13-beta2","releases/CGAL-4.14","releases/CGAL-4.14-beta1","releases/CGAL-4.14-beta2","releases/CGAL-4.14-beta3","releases/CGAL-4.14-beta4","releases/CGAL-4.2","releases/CGAL-4.3","releases/CGAL-4.3-beta1","releases/CGAL-4.4","releases/CGAL-4.4-beta1","releases/CGAL-4.5-beta1","releases/CGAL-4.6","releases/CGAL-4.6-beta1","releases/CGAL-4.7-beta1","releases/CGAL-4.7-beta2","releases/CGAL-4.8-beta1","releases/CGAL-4.8-beta2","releases/CGAL-4.9","releases/CGAL-4.9-beta1","releases/CGAL-5.0","releases/CGAL-5.0-beta1","releases/CGAL-5.0-beta2","releases/CGAL-5.1-beta1","releases/CGAL-5.1-beta2","v4.14","v5.0","v5.1","v5.1-beta1","v5.1-beta2","v5.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28601.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}