{
  "id": "CVE-2024-24583",
  "sourceIdentifier": "talos-cna@cisco.com",
  "published": "2024-05-28T14:15:11.380",
  "lastModified": "2025-02-11T22:25:31.757",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements."
    },
    {
      "lang": "es",
      "value": "Existen m\u00faltiples vulnerabilidades de lectura fuera de los l\u00edmites en la funcionalidad readMSH de libigl v2.5.0. Un archivo .msh especialmente manipulado puede provocar una lectura fuera de los l\u00edmites. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta a la funci\u00f3n `readMSH` mientras procesa elementos `MshLoader::ELEMENT_TRI`."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "talos-cna@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "talos-cna@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:libigl:libigl:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BC184E-2C02-40C5-BA95-B2ADCF16C366"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
      "source": "talos-cna@cisco.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
      "source": "talos-cna@cisco.com",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1928",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ]
    }
  ]
}