author | Helmut Grohne <helmut@subdivi.de> | 2022-12-06 13:20:45 +0100 |
---|---|---|
committer | Boyuan Yang <byang@debian.org> | 2022-12-06 13:57:02 +0000 |
commit | a3bdff221e2f47b4855537334c4da1f0726bdb77 | |
tree | dfadf4474166a8da6a5175a3af166ca53081b01a | |
parent | d21d632f2f7261784245e1c7a60290bce9f23bd9 | |
issue DLA-3226-1 for cgal
-rw-r--r-- | english/lts/security/2022/dla-3226.data | 10 |
-rw-r--r-- | english/lts/security/2022/dla-3226.wml | 413 |
2 files changed, 423 insertions, 0 deletions
diff --git a/english/lts/security/2022/dla-3226.data b/english/lts/security/2022/dla-3226.data new file mode 100644 index 00000000000..6ac74c4ee6a --- /dev/null +++ b/english/lts/security/2022/dla-3226.data @@ -0,0 +1,10 @@ +<define-tag pagetitle>DLA-3226-1 cgal</define-tag> +<define-tag report_date>2022-12-06</define-tag> +<define-tag secrefs>CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604 CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608 CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612 CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616 CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620 CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624 CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628 CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632 CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636 CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631 CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635 CVE-2020-35636 Bug#985671</define-tag> +<define-tag packages>cgal</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + diff --git a/english/lts/security/2022/dla-3226.wml b/english/lts/security/2022/dla-3226.wml new file mode 100644 index 00000000000..de405b0e4e5 --- /dev/null +++ b/english/lts/security/2022/dla-3226.wml 
@@ -0,0 +1,413 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> +<p>When parsing files containing Nef polygon data, several memory access +violations may happen. Many of these allow code execution.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28601">CVE-2020-28601</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionality of CGAL. An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser::read_vertex()</code> <code>Face_of[]</code> OOB read. + An attacker can provide malicious input to trigger this + vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28602">CVE-2020-28602</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionality of CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_vertex()</code> + <code>Halfedge_of[]</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28603">CVE-2020-28603</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionality of CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_hedge()</code> <code>e->set_prev()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28604">CVE-2020-28604</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionality of CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_hedge()</code> <code>e->set_next()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28605">CVE-2020-28605</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionality of CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_hedge()</code> + <code>e->set_vertex()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28606">CVE-2020-28606</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_hedge()</code> <code>e->set_face()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28607">CVE-2020-28607</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_face()</code> set_halfedge().</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28608">CVE-2020-28608</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_face()</code> store_fc().</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28609">CVE-2020-28609</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_2/PM_io_parser.h</code> <code>PM_io_parser<PMDEC>::read_face()</code> store_iv().</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28610">CVE-2020-28610</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SM_io_parser.h</code> <code>SM_io_parser<Decorator_>::read_vertex()</code> + set_face().</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28611">CVE-2020-28611</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SM_io_parser.h</code> <code>SM_io_parser<Decorator_>::read_vertex()</code> + set_first_out_edge().</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28612">CVE-2020-28612</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->svertices_begin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28613">CVE-2020-28613</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->svertices_last()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28614">CVE-2020-28614</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->shalfedges_begin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28615">CVE-2020-28615</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->shalfedges_last()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28616">CVE-2020-28616</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->sfaces_begin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28617">CVE-2020-28617</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->sfaces_last()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28618">CVE-2020-28618</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_vertex()</code> + <code>vh->shalfloop()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28619">CVE-2020-28619</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_edge()</code> <code>eh->twin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28620">CVE-2020-28620</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_edge()</code> + <code>eh->center_vertex()</code>:.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28621">CVE-2020-28621</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_edge()</code> + <code>eh->out_sedge()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28622">CVE-2020-28622</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_edge()</code> + <code>eh->incident_sface()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28623">CVE-2020-28623</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_facet()</code> <code>fh->twin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28624">CVE-2020-28624</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_facet()</code> + <code>fh->boundary_entry_objects</code> SEdge_of.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28625">CVE-2020-28625</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_facet()</code> + <code>fh->boundary_entry_objects</code> SLoop_of.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28626">CVE-2020-28626</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_facet()</code> + <code>fh->incident_volume()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28627">CVE-2020-28627</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_volume()</code> + <code>ch->shell_entry_objects()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28628">CVE-2020-28628</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_volume()</code> <code>seh->twin()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28629">CVE-2020-28629</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->sprev()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28630">CVE-2020-28630</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->snext()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28631">CVE-2020-28631</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->source()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28632">CVE-2020-28632</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> + <code>seh->incident_sface()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28633">CVE-2020-28633</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->prev()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28634">CVE-2020-28634</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->next()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28635">CVE-2020-28635</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sedge()</code> <code>seh->facet()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-28636">CVE-2020-28636</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionalityof CGAL. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser::read_sloop()</code> <code>slh->twin()</code> An + attacker can provide malicious input to trigger this vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35628">CVE-2020-35628</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionalityof CGAL. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser::read_sloop()</code> + <code>slh->incident_sface</code>. An attacker can provide malicious input to + trigger this vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35629">CVE-2020-35629</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sloop()</code> <code>slh->facet()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35630">CVE-2020-35630</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sface()</code> + <code>sfh->center_vertex()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35631">CVE-2020-35631</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. 
An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sface()</code> + <code>SD.link_as_face_cycle()</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35632">CVE-2020-35632</a> + + <p>Multiple code execution vulnerabilities exists in the Nef polygon parsing functionalityof CGAL. A specially crafted malformed file can + lead to an out-of-bounds read and type confusion, which could lead to + code execution. An attacker can provide malicious input to trigger + any of these vulnerabilities. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sface()</code> + <code>sfh->boundary_entry_objects</code> <code>Edge_of</code>.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35633">CVE-2020-35633</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionalityof CGAL. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sface()</code> + <code>store_sm_boundary_item()</code> <code>Edge_of</code>. A specially crafted malformed file + can lead to an out-of-bounds read and type confusion, which could + lead to code execution. An attacker can provide malicious input to + trigger this vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35634">CVE-2020-35634</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionalityof CGAL. An oob read vulnerability exists in + <code>Nef_S2/SNC_io_parser.h</code> <code>SNC_io_parser<EW>::read_sface()</code> + <code>sfh->boundary_entry_objects</code> <code>Sloop_of</code>. A specially crafted malformed + file can lead to an out-of-bounds read and type confusion, which + could lead to code execution. 
An attacker can provide malicious input + to trigger this vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35635">CVE-2020-35635</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionality of CGAL libcgal CGAL-5.1.1 in <code>Nef_S2/SNC_io_parser.h</code> + <code>SNC_io_parser::read_sface()</code> <code>store_sm_boundary_item()</code> <code>Sloop_of</code> OOB + read. A specially crafted malformed file can lead to an out-of-bounds + read and type confusion, which could lead to code execution. An + attacker can provide malicious input to trigger this vulnerability.</p></li> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2020-35636">CVE-2020-35636</a> + + <p>A code execution vulnerability exists in the Nef polygon-parsing + functionality of CGAL libcgal CGAL-5.1.1 in <code>Nef_S2/SNC_io_parser.h</code> + <code>SNC_io_parser::read_sface()</code> <code>sfh->volume()</code> OOB read. A specially + crafted malformed file can lead to an out-of-bounds read and type + confusion, which could lead to code execution. An attacker can + provide malicious input to trigger this vulnerability.</p></li> + +</ul> + +<p>For Debian 10 buster, these problems have been fixed in version +4.13-1+deb10u1.</p> + +<p>We recommend that you upgrade your cgal packages.</p> + +<p>For the detailed security status of cgal please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/cgal">https://security-tracker.debian.org/tracker/cgal</a></p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2022/dla-3226.data" +# $Id: $ |
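Review bot: the C++ template arguments inside the <code> elements of dla-3226.wml are written with raw angle brackets, for example <code>PM_io_parser<PMDEC>::read_vertex()</code>, <code>SM_io_parser<Decorator_>::read_vertex()</code> and <code>SNC_io_parser<EW>::read_sedge()</code>, so <PMDEC>, <Decorator_> and <EW> would be read as markup and the rendered advisory would show the function names without them. Write them as &lt;PMDEC&gt;, &lt;Decorator_&gt; and &lt;EW&gt;, and use -&gt; in the member accesses such as e->set_prev(). The same hunk carries the typo "functionalityof CGAL" in most entries from CVE-2020-28606 on and "vulnerabilities exists" in the shared boilerplate, leaves a stray ":" after <code>eh->center_vertex()</code> in CVE-2020-28620, and drops the full stop after <code>slh->twin()</code> in CVE-2020-28636. Several identifiers (set_halfedge(), store_fc(), store_iv(), set_face(), set_first_out_edge(), SEdge_of, SLoop_of) are left outside <code> while their neighbours are wrapped in it; wrapping them would make the entries consistent.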