CVE-2024-23947 Overview
CVE-2024-23947 is an out-of-bounds write vulnerability in the readMSH functionality of libigl v2.5.0. The flaw resides in the igl::MshLoader::parse_nodes function when handling binary .msh files. A specially crafted .msh file triggers improper array index validation, leading to memory corruption. An attacker can deliver a malicious file to an application that links libigl, achieving an out-of-bounds write that can result in arbitrary code execution. The vulnerability is tracked under CWE-787: Out-of-bounds Write.
Critical Impact
Successful exploitation enables an out-of-bounds write that can be leveraged for arbitrary code execution with the privileges of the user processing the malicious mesh file.
Affected Products
- libigl v2.5.0
- Applications and libraries that embed or link libigl v2.5.0 for mesh processing
- Tools relying on igl::MshLoader::parse_nodes to parse binary .msh files
Discovery Timeline
- 2024-05-28 - CVE-2024-23947 published to the National Vulnerability Database (NVD) following coordinated disclosure by Cisco Talos
- 2025-02-12 - Last updated in NVD database
Technical Details for CVE-2024-23947
Vulnerability Analysis
The vulnerability exists in libigl, an open-source C++ geometry processing library used in computer graphics, simulation, and computer-aided design (CAD) workflows. The readMSH interface deserializes Gmsh .msh files, which describe finite-element meshes including node coordinates and element connectivity. When parsing the binary variant of this format, the igl::MshLoader::parse_nodes routine fails to validate array indices read from attacker-controlled fields before using them to index destination buffers.
Because libigl is consumed as a header-only or static library in downstream tooling, exploitation occurs in the address space of any application that opens an untrusted .msh file. The attack requires user interaction, as a victim must open or import the crafted file. Successful exploitation results in high impact to confidentiality, integrity, and availability.
Root Cause
The binary parser in parse_nodes trusts node identifiers and count fields from the input file without enforcing upper bounds against the size of the buffers it writes to. The parser uses these unvalidated indices when writing node data, allowing writes outside the allocated region. This pattern of missing index validation classifies the issue as CWE-787.
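The two checks the root cause describes as missing, shown in a simplified parser. This is an added example, not libigl's code or its upstream fix; the record layout (a 32-bit node tag followed by three doubles), the function names, and the sample inputs are assumptions made for illustration.

```cpp
// Added example (not libigl source). Assumed record: int32 tag + 3 doubles (x, y, z).
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr std::size_t kRecordSize = sizeof(std::int32_t) + 3 * sizeof(double);

// Fills `out` with num_nodes * 3 coordinates; returns false on any invalid field.
bool parse_nodes_checked(const std::vector<unsigned char>& data,
                         std::size_t num_nodes, std::vector<double>& out) {
  // Check 1: the declared count must fit in the bytes present (divide, do not multiply).
  if (num_nodes == 0 || data.size() / kRecordSize < num_nodes) return false;
  std::vector<double> nodes(num_nodes * 3, 0.0);
  for (std::size_t i = 0; i < num_nodes; ++i) {
    const unsigned char* rec = data.data() + i * kRecordSize;
    std::int32_t tag = 0;
    std::memcpy(&tag, rec, sizeof tag);
    // Check 2: the tag comes from the file and becomes an array index,
    // so it must land inside [1, num_nodes] before any write happens.
    if (tag < 1 || static_cast<std::size_t>(tag) > num_nodes) return false;
    const std::size_t idx = static_cast<std::size_t>(tag) - 1;
    std::memcpy(&nodes[idx * 3], rec + sizeof tag, 3 * sizeof(double));
  }
  out.swap(nodes);  // `out` is only touched once every record has passed
  return true;
}

// Builds one constructed record for the sample inputs below.
void append_record(std::vector<unsigned char>& buf, std::int32_t tag,
                   double x, double y, double z) {
  const double xyz[3] = {x, y, z};
  const unsigned char* t = reinterpret_cast<const unsigned char*>(&tag);
  const unsigned char* c = reinterpret_cast<const unsigned char*>(xyz);
  buf.insert(buf.end(), t, t + sizeof tag);
  buf.insert(buf.end(), c, c + sizeof xyz);
}

int main() {
  std::vector<unsigned char> good, bad;
  std::vector<double> out;
  append_record(good, 2, 4.0, 5.0, 6.0);
  append_record(good, 1, 1.0, 2.0, 3.0);
  append_record(bad, 1, 0.0, 0.0, 0.0);
  append_record(bad, 7, 9.0, 9.0, 9.0);  // tag 7 with only 2 nodes declared
  return (parse_nodes_checked(good, 2, out) && !parse_nodes_checked(bad, 2, out)) ? 0 : 1;
}
```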
Attack Vector
An attacker crafts a malicious binary .msh file with index or count values that fall outside the valid range for the destination arrays. The file is delivered through any channel that results in it being parsed by a libigl-based application, such as email attachments, project asset bundles, model marketplaces, or web downloads. When the victim opens the file, libigl invokes parse_nodes, performs the unchecked write, and corrupts adjacent memory. Detailed technical analysis is published by Cisco Talos. See the Talos Intelligence Vulnerability Report TALOS-2024-1926 for proof-of-concept details and reproduction steps.
Detection Methods for CVE-2024-23947
Indicators of Compromise
- Unexpected crashes, segmentation faults, or heap corruption messages in processes that load .msh files via libigl
- Binary .msh files originating from untrusted sources, especially those with malformed node section headers or unusually large node counts
- Child processes, shell spawns, or outbound network connections originating from CAD, simulation, or geometry-processing applications after opening a mesh file
Detection Strategies
- Inventory binaries and Python/C++ projects that statically link or vendor libigl and flag versions at or below v2.5.0
- Use software composition analysis (SCA) tooling to identify libigl v2.5.0 in dependency graphs, including transitive inclusions in research code
- Inspect inbound .msh files at email and web gateways and quarantine samples failing format validation against the Gmsh specification
Monitoring Recommendations
- Monitor endpoint telemetry for crashes in processes known to embed libigl, correlating with recent .msh file access
- Alert on process-injection-style child process creation from geometry or simulation applications
- Log file-open events for .msh extensions on workstations used by engineering, research, and graphics teams
How to Mitigate CVE-2024-23947
Immediate Actions Required
- Upgrade libigl beyond v2.5.0 to a release containing the upstream fix once available from the libigl project
- Audit downstream applications and rebuild any binaries that statically link the vulnerable version
- Block or quarantine .msh files received from untrusted external sources at the email and web proxy layer
- Restrict execution of mesh-processing applications to standard user accounts to limit post-exploitation impact
Patch Information
Review the Talos Intelligence Vulnerability Report TALOS-2024-1926 for vendor coordination details. Track the libigl repository for the patched release addressing the igl::MshLoader::parse_nodes index validation flaw and rebuild dependent software against the corrected version.
Workarounds
- Disable binary .msh import paths in applications that expose user-selectable file formats and accept only ASCII .msh variants where feasible
- Process untrusted .msh files inside sandboxed containers or virtual machines with no network access and minimal filesystem privileges
- Apply application allowlisting to prevent unsigned child processes from spawning out of mesh-processing tools
```bash
# Example: validate libigl version in a build environment before compiling
grep -R "IGL_VERSION" path/to/libigl/include/igl/ | head -n 5
# Reject builds that resolve to libigl 2.5.0
```


