Search criteria
17 vulnerabilities by libigl
CVE-2023-35953 (GCVE-0-2023-35953)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 16:56
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric vertices section within an OFF file.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T01:03:55.748358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:27.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.4.0"
},
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric vertices section within an OFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:14.754Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35953",
"datePublished": "2024-05-28T14:02:43.553Z",
"dateReserved": "2023-06-20T15:55:44.327Z",
"dateUpdated": "2025-02-13T16:56:01.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35952 (GCVE-0-2023-35952)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 16:56
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T01:00:38.017552Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:23.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.4.0"
},
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric faces section within an OFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:08.063Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35952",
"datePublished": "2024-05-28T14:02:43.466Z",
"dateReserved": "2023-06-20T15:55:44.327Z",
"dateUpdated": "2025-02-13T16:56:00.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35951 (GCVE-0-2023-35951)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 16:55
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric vertices of an OFF file.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T15:56:27.720071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:17.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.4.0"
},
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric vertices of an OFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:11.375Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35951",
"datePublished": "2024-05-28T14:02:43.381Z",
"dateReserved": "2023-06-20T15:55:44.327Z",
"dateUpdated": "2025-02-13T16:55:59.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35950 (GCVE-0-2023-35950)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 16:55
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing the header of an OFF file.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.4.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:51:38.529017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:16.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.4.0"
},
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing the header of an OFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:09.743Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35950",
"datePublished": "2024-05-28T14:02:43.296Z",
"dateReserved": "2023-06-20T15:55:44.327Z",
"dateUpdated": "2025-02-13T16:55:59.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35949 (GCVE-0-2023-35949)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 16:55
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric faces of an OFF file.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.4.0"
},
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:03:53.236708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:31.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.4.0"
},
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing geometric faces of an OFF file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:07:13.080Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1784"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35949",
"datePublished": "2024-05-28T14:02:43.211Z",
"dateReserved": "2023-06-20T15:55:44.327Z",
"dateUpdated": "2025-02-13T16:55:58.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49600 (GCVE-0-2023-49600)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:18
VLAI?
Summary
An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Severity ?
8.1 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Credits
Discovered by Carl Hurd of Cisco Talos.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49600",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T14:35:28.488073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:14:09.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Carl Hurd of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:06.728Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1879"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1879"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-49600",
"datePublished": "2024-05-28T14:02:42.497Z",
"dateReserved": "2023-11-30T14:35:04.296Z",
"dateUpdated": "2025-02-13T17:18:43.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23951 (GCVE-0-2024-23951)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `ascii`.msh` file.
Severity ?
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T16:18:36.927164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T16:28:52.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `ascii`.msh` file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:30.520Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23951",
"datePublished": "2024-05-28T14:02:41.985Z",
"dateReserved": "2024-01-24T12:09:19.677Z",
"dateUpdated": "2025-02-13T17:40:05.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23950 (GCVE-0-2024-23950)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `binary`.msh` file.
Severity ?
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23950",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:56:40.458523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:58.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `binary`.msh` file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:28.890Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23950",
"datePublished": "2024-05-28T14:02:41.890Z",
"dateReserved": "2024-01-24T12:09:19.677Z",
"dateUpdated": "2025-02-13T17:40:04.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23949 (GCVE-0-2024-23949)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_node_field` function while handling an `ascii`.msh` file.
Severity ?
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23949",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:23:29.099905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:45:53.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_node_field` function while handling an `ascii`.msh` file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:27.267Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23949",
"datePublished": "2024-05-28T14:02:41.793Z",
"dateReserved": "2024-01-24T12:09:19.677Z",
"dateUpdated": "2025-02-13T17:40:04.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23948 (GCVE-0-2024-23948)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_nodes` function while handling an `ascii`.msh` file.
Severity ?
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T20:43:47.182297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:45:21.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_nodes` function while handling an `ascii`.msh` file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:25.690Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23948",
"datePublished": "2024-05-28T14:02:41.707Z",
"dateReserved": "2024-01-24T12:09:19.676Z",
"dateUpdated": "2025-02-13T17:40:03.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23947 (GCVE-0-2024-23947)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_nodes` function while handling a `binary` `.msh` file.
Severity ?
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T16:29:17.793820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T16:29:24.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_nodes` function while handling a `binary` `.msh` file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:12:24.063Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-23947",
"datePublished": "2024-05-28T14:02:41.624Z",
"dateReserved": "2024-01-24T12:09:19.676Z",
"dateUpdated": "2025-02-13T17:40:02.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24584 (GCVE-0-2024-24584)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TET` elements.
Severity ?
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:07:44.199738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:59.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.934Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TET` elements."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:08:04.384Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24584",
"datePublished": "2024-05-28T14:02:40.957Z",
"dateReserved": "2024-01-25T20:01:58.464Z",
"dateUpdated": "2025-02-13T17:40:16.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24583 (GCVE-0-2024-24583)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements.
Severity ?
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T19:11:00.484766Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:04.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:19:52.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:08:06.005Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24583",
"datePublished": "2024-05-28T14:02:40.872Z",
"dateReserved": "2024-01-25T20:01:58.463Z",
"dateUpdated": "2025-02-13T17:40:15.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24686 (GCVE-0-2024-24686)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ligibl:ligibl:v2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ligibl",
"vendor": "ligibl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:08:23.044711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:04.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:51.045Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24686",
"datePublished": "2024-05-28T14:02:40.153Z",
"dateReserved": "2024-01-26T09:40:46.280Z",
"dateUpdated": "2025-02-13T17:40:19.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24685 (GCVE-0-2024-24685)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T18:05:37.121991Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T18:05:53.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:49.310Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24685",
"datePublished": "2024-05-28T14:02:40.055Z",
"dateReserved": "2024-01-26T09:40:46.280Z",
"dateUpdated": "2025-02-13T17:40:19.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24684 (GCVE-0-2024-24684)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:40
VLAI?
Summary
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the header parsing occuring while processing an `.off` file via the `readOFF` function.
We can see above that at [0] a stack-based buffer called `comment` is defined with an hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is unsafe and if the first line of the header of the `.off` files is longer than 1000 bytes it will overflow the `header` buffer.
Severity ?
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "2.5.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24684",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:24:46.778538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T17:54:43.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the header parsing occuring while processing an `.off` file via the `readOFF` function. \r\n\r\n\r\nWe can see above that at [0] a stack-based buffer called `comment` is defined with an hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is unsafe and if the first line of the header of the `.off` files is longer than 1000 bytes it will overflow the `header` buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:08:47.208Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1929"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-24684",
"datePublished": "2024-05-28T14:02:39.939Z",
"dateReserved": "2024-01-26T09:40:46.280Z",
"dateUpdated": "2025-02-13T17:40:18.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22181 (GCVE-0-2024-22181)
Vulnerability from cvelistv5 – Published: 2024-05-28 14:02 – Updated: 2025-02-13 17:33
VLAI?
Summary
An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Severity ?
7.8 (High)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Credits
Discovered by Philippe Laulheret of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T19:36:37.301551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T19:36:48.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1930"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libigl",
"vendor": "libigl",
"versions": [
{
"status": "affected",
"version": "v2.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Philippe Laulheret of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:10.782Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1930"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1930"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-22181",
"datePublished": "2024-05-28T14:02:39.319Z",
"dateReserved": "2024-01-26T09:48:39.164Z",
"dateUpdated": "2025-02-13T17:33:33.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}