Bug 2283914 (CVE-2023-35953)

Summary: CVE-2023-35953 meshlab: stack-based buffer overflow vulnerabilities exist in the readOFF.cpp
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2283915    
Bug Blocks:    

Description Rohit Keshri 2024-05-30 08:09:51 UTC 
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to trigger these vulnerabilities.This vulnerability exists within the code responsible for parsing comments within the geometric vertices section within an OFF file.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1784
Comment 1 Rohit Keshri 2024-05-30 08:10:13 UTC 
Created meshlab tracking bugs for this issue:

Affects: fedora-all [bug 2283915]