CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the cgltfvalidate function when processing sparse accessors. An attacker can cause out-of-bounds reads and potential memory disclosure by supplying crafted glTF/GLB files with attacker-controlled size...

CVE-2026-32845

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltfvalidate function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecke...

CVE-2026-32845

Cgltf version 1.15 and earlier contains an integer overflow in cgltf_validate() when validating sparse accessors, enabling heap buffer over-reads of attacker-controlled size values in crafted glTF/GLB inputs. This leads to denial of service crashes and potential memory disclosure via cgltf_calc_i...

PT-2026-27144

Name of the Vulnerable Software and Affected Versions cgltf versions prior to 1.15 Description cgltf versions prior to 1.15 contain an integer overflow issue in the cgltf validate function when validating sparse accessors. This allows attackers to trigger out-of-bounds reads by providing speciall...