Multiple vulnerabilities in CGAL library
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 45 |
| CVE-ID | CVE-2020-28601 CVE-2020-28632 CVE-2020-28624 CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628 CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28633 CVE-2020-28622 CVE-2020-28634 CVE-2020-28635 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631 CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-28623 CVE-2020-28621 CVE-2020-28636 CVE-2020-28609 CVE-2020-35628 CVE-2020-35636 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604 CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608 CVE-2020-28610 CVE-2020-28620 CVE-2020-28611 CVE-2020-28612 CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616 CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
cgal Other software / Other software solutions |
| Vendor | CGAL |
Security Bulletin
This security bulletin contains information about 45 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU51056
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28601
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[]. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU51089
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28632
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->incident_sface(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU51081
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28624
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->boundary_entry_objects SEdge_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU51082
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28625
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->boundary_entry_objects SLoop_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU51083
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28626
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->incident_volume(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU51084
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28627
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume() ch->shell_entry_objects(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU51085
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28628
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume() seh->twin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU51086
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28629
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->sprev(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU51087
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28630
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->snext(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Out-of-bounds read
EUVDB-ID: #VU51088
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28631
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->source(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds read
EUVDB-ID: #VU51090
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28633
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->prev(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds read
EUVDB-ID: #VU51079
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28622
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->incident_sface(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU51091
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28634
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->next(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU51092
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->facet(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU51095
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35629
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->facet(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU51096
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35630
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->center_vertex(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU51097
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35631
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() SD.link_as_face_cycle(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU51098
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35632
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->boundary_entry_objects Edge_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU51099
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35633
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Edge_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds read
EUVDB-ID: #VU51100
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35634
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->boundary_entry_objects Sloop_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU51101
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35635
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU51080
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28623
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->twin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU51078
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28621
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->out_sedge(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU51093
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28636
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU51066
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28609
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_face() store_iv(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU51094
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35628
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU51102
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-35636
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Out-of-bounds read
EUVDB-ID: #VU51058
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28602
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Halfedge_of[]. A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU51060
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28603
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_prev(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Out-of-bounds read
EUVDB-ID: #VU51061
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28604
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_next(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU51062
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28605
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_vertex(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU51063
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28606
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_face(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU51064
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28607
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_face() set_halfedge(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds read
EUVDB-ID: #VU51065
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28608
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_2/PM_io_parser.h PM_io_parser::read_face() store_fc(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU51067
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28610
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SM_io_parser.h SM_io_parser::read_vertex() set_face(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU51077
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28620
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->center_vertex(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds read
EUVDB-ID: #VU51068
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28611
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SM_io_parser.h SM_io_parser::read_vertex() set_first_out_edge(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU51069
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28612
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->svertices_begin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU51070
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28613
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->svertices_last(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU51071
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28614
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->shalfedges_begin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU51072
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28615
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->shalfedges_last(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU51073
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28616
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->sfaces_begin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU51074
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28617
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->sfaces_last(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU51075
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28618
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex() vh->shalfloop(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU51076
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28619
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->twin(). A remote attacker can use a specially crafted file, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionscgal: 5.1.1
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
