Login Sign Up

CVE-2024-23950

8.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to execute arbitrary code or cause a denial of service by providing a malicious .msh file to libigl's readMSH functionality. It affects applications that use libigl v2.5.0 to parse MSH files, potentially leading to remote code execution if the application processes untrusted files.

💻 Affected Systems

Products:
  • libigl
Versions: v2.5.0
Operating Systems: All platforms where libigl is used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use the vulnerable readMSH functionality to parse .msh files.

📦 What is this software?

Libigl by Libigl

View all CVEs affecting Libigl →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the application processing the malicious file, potentially leading to full system compromise.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢

If Mitigated

No impact if file validation prevents processing of untrusted .msh files or if the vulnerability is patched.

🌐 Internet-Facing: MEDIUM - Risk exists if applications accept .msh files from external sources, but requires specific file processing functionality.
🏢 Internal Only: LOW - Typically requires user interaction to open malicious files or automated processing of untrusted content.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious .msh file and getting it processed by vulnerable software.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.5.1 or later

Vendor Advisory: https://github.com/libigl/libigl/releases

Restart Required: Yes

Instructions:

1. Update libigl to version 2.5.1 or later. 2. Recompile any applications using libigl. 3. Restart affected services.

🔧 Temporary Workarounds

Disable MSH file processing

all

Disable or remove functionality that processes .msh files in applications using libigl.

File validation

all

Implement strict validation of .msh files before processing, rejecting files from untrusted sources.

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using vulnerable libigl versions
  • Use application allowlisting to prevent execution of untrusted applications that might process malicious files

🔍 How to Verify

Check if Vulnerable:

Check if your application uses libigl v2.5.0 and processes .msh files via readMSH functionality.

Check Version:

Check build configuration or dependency files for libigl version reference

Verify Fix Applied:

Verify libigl version is 2.5.1 or later and applications have been recompiled with the updated library.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing .msh files
  • Memory access violation errors in application logs

Network Indicators:

  • Unusual file uploads with .msh extension to affected applications

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "access violation" OR "out of bounds") AND process="*libigl*"

📊 Metadata

CVE ID: CVE-2024-23950
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: May 28, 2024
Last Updated: February 12, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-23950, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)