The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
| Link | Tags |
|---|---|
| https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751 | third party advisory patch |
| https://github.com/syoyo/tinygltf/issues/368 | issue tracking patch exploit third party advisory |
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053 | issue tracking mailing list exploit third party advisory |
| https://github.com/syoyo/tinygltf/blob/master/README.md | third party advisory product |
| https://www.debian.org/security/2022/dsa-5232 | third party advisory vendor advisory |