Bug 1225650 (CVE-2023-35952)

Summary: VUL-0: CVE-2023-35952: meshlab: stack-based buffer overflow vulnerabilities exist in the readOFF.cpp
Product: [openSUSE] openSUSE Distribution Reporter: SMASH SMASH <smash_bz>
Component: SecurityAssignee: Martin Liška <martin.liska>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: stoyan.manolov
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/407913/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-05-30 10:32:54 UTC 
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file.

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35952
https://www.cve.org/CVERecord?id=CVE-2023-35952
https://bugzilla.redhat.com/show_bug.cgi?id=2283911