CVE-2024-24684
Published: 28 May 2024
Summary
CVE-2024-24684 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in libigl (vendor Libigl). Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 4.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-24684 is a stack-based buffer overflow in the readOFF function of libigl version 2.5.0. The flaw occurs during header parsing of .off files when an oversized first line exceeds the hardcoded 1000-byte comment buffer, allowing an out-of-bounds write via an unsafe fscanf call. The issue is tracked under CWE-121 and CWE-787 and carries a CVSS 3.1 score of 7.8.
An attacker can exploit the vulnerability by supplying a malicious .off file to any application that uses libigl's readOFF routine. Successful exploitation grants arbitrary code execution with the privileges of the affected process, potentially resulting in full confidentiality, integrity, and availability impact on the local system.
Public advisories published by Cisco Talos detail the vulnerability and provide the technical analysis referenced under TALOS-2024-1929; at the time of disclosure no vendor patch or mitigation guidance was included in the reports.
EPSS for this CVE has remained flat at 0.2193 with no material increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-22083
Vulnerability details
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability concerns the header parsing occurring while processing an `.off` file via the `readOFF` function. We can see above that at [0] a stack-based buffer called `comment` is defined with a hardcoded size of `1000 bytes`. The call to `fscanf` at [1] is unsafe, and if the first line of the header of the `.off` file is longer than 1000 bytes it will overflow the `header` buffer.
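As an added example (not libigl's code and not part of the advisory), the C reader below shows the defensive counterpart to the pattern described above: the first header line is read into a 1000-byte stack buffer with a bounded call, and a line that does not fit is rejected instead of being written past the end of the buffer. The OFF-keyword check, the status codes and the helper names are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define COMMENT_SIZE 1000   /* same fixed buffer size as described in the advisory */

/* Status codes are an assumption for this example. */
enum off_header_status { OFF_OK = 0, OFF_TOO_LONG = 1, OFF_BAD_MAGIC = 2, OFF_IO = 3 };

/* Bounded replacement for an unbounded fscanf("%s", comment): fgets never writes
 * more than cap-1 characters plus the NUL. (A minimal fix for the fscanf form is a
 * width specifier, e.g. "%999s" for a 1000-byte buffer.) The longest accepted line
 * is cap-2 characters; a longer one is reported, not silently truncated. */
static enum off_header_status read_off_first_line(FILE *f, char *comment, size_t cap)
{
    if (fgets(comment, (int)cap, f) == NULL)
        return OFF_IO;
    size_t n = strlen(comment);
    if (n == 0)
        return OFF_IO;
    if (comment[n - 1] != '\n') {
        /* Buffer filled before the end of line: header line is too long. Drain the
         * rest of the line so a caller that continues stays in sync. */
        int c;
        while ((c = fgetc(f)) != EOF && c != '\n') {}
        return OFF_TOO_LONG;
    }
    comment[n - 1] = '\0';
    /* Assumption for the example: the first line carries the OFF keyword or is a comment. */
    if (strstr(comment, "OFF") == NULL && comment[0] != '#')
        return OFF_BAD_MAGIC;
    return OFF_OK;
}

/* Runs the header check over in-memory bytes via a standard C temporary file. */
enum off_header_status check_off_header(const char *data, size_t len)
{
    FILE *f = tmpfile();
    if (!f) return OFF_IO;
    if (fwrite(data, 1, len, f) != len) { fclose(f); return OFF_IO; }
    rewind(f);
    char comment[COMMENT_SIZE];          /* the fixed-size stack buffer */
    enum off_header_status st = read_off_first_line(f, comment, sizeof comment);
    fclose(f);
    return st;
}

/* Constructs a first line of exactly `len` bytes ("OFF" then 'x' padding) plus newline. */
enum off_header_status probe_line_of_length(size_t len)
{
    char *line = malloc(len + 1);
    if (!line) return OFF_IO;
    memset(line, 'x', len);
    memcpy(line, "OFF", len < 3 ? len : 3);
    line[len] = '\n';
    enum off_header_status st = check_off_header(line, len + 1);
    free(line);
    return st;
}
```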
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Memory protections that mark the stack non-executable prevent out-of-bounds writes that corrupt control flow or inject shellcode from running as code.