Bug 1225650 (CVE-2023-35952) - VUL-0: CVE-2023-35952: meshlab: stack-based buffer overflow vulnerabilities exist in the readOFF.cpp
Status: NEW
Alias: CVE-2023-35952
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.6
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Martin Liška
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/407913/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-30 10:32 UTC by SMASH SMASH
Modified: 2024-05-30 11:15 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description SMASH SMASH 2024-05-30 10:32:54 UTC
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities. This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file.

References:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35952
https://www.cve.org/CVERecord?id=CVE-2023-35952
https://bugzilla.redhat.com/show_bug.cgi?id=2283911