{"id":"CVE-2020-35628","details":"A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh-\u003eincident_sface. An attacker can provide malicious input to trigger this vulnerability.","modified":"2026-05-18T05:51:10.748360018Z","published":"2021-03-04T20:15:13.253Z","database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"},{"last_affected":"10.0"}]},{"vendor_product":"fedoraproject:fedora","source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"33"},{"last_affected":"34"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4J344OKKDLPRN422OYRR46HDEN6MM6P/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NB5SF5OJR2DSV7CC6U7FVW5VJSJO5EKV/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00002.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00011.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-34"},{"type":"ADVISORY","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cgal/cgal","events":[{"introduced":"0"},{"last_affected":"8b649c42a258e3db346f19cb3ae89eca5fea877d"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:cgal:computational_geometry_algorithms_library:5.1.1:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"5.1.1"}]}}],"versions":["v5.1.1","v5.1","v5.1-beta2","releases/CGAL-5.1-beta2","v5.1-beta1","releases/CGAL-5.1-beta1","master_before_no_tws_nor_tabs","v5.0","releases/CGAL-5.0","releases/CGAL-5.0-beta2","releases/CGAL-5.0-beta1","v4.14","releases/CGAL-4.14","releases/CGAL-4.14-beta4","releases/CGAL-4.14-beta3","releases/CGAL-4.14-beta2","releases/CGAL-4.14-beta1","releases/CGAL-4.13","releases/CGAL-4.13-beta2","releases/CGAL-4.13-beta1","releases/CGAL-4.12","releases/CGAL-4.12-beta2","releases/CGAL-4.12-beta1","releases/CGAL-4.11-beta1","releases/CGAL-4.10-beta1","releases/CGAL-4.9","releases/CGAL-4.9-beta1","releases/CGAL-4.8-beta2","releases/CGAL-4.8-beta1","releases/CGAL-4.7-beta2","releases/CGAL-4.7-beta1","releases/CGAL-4.4-beta1","releases/CGAL-4.6","releases/CGAL-4.6-beta1","releases/CGAL-4.5-beta1","releases/CGAL-4.4","releases/CGAL-4.3","releases/CGAL-4.3-beta1","releases/CGAL-4.2","releases/CGAL-4.0","releases/CGAL-3.9-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35628.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}