5 matches found
[SECURITY] [DSA 5232-1] tinygltf security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5232-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 21, 2022 https://www.debian.org/security/faq -...
Debian DSA-5232-1 : tinygltf - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5232 advisory. It was discovered that the wordexp function of tinygltf, a library to load/save glTF GL Transmission Format files was susceptible to command execution when processing...
CVE-2022-3008 Command Injection on tinygltf
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
CVE-2022-3008 Command Injection on tinygltf
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
CVE-2022-3008
CVE-2022-3008 affects the tinygltf library. The vulnerability arises from using the C function wordexp() to perform file path expansion on untrusted input, enabling potential command execution (path expansion via backticks). The issue is documented across multiple sources: Debian security advisor...