vulnerability

Debian: CVE-2022-3008: tinygltf -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:N/A:C)	Sep 5, 2022	Nov 7, 2022	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:C)

Published

Sep 5, 2022

Added

Nov 7, 2022

Modified

Aug 15, 2025

Description

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751

Solution

debian-upgrade-tinygltf

References

CVE-2022-3008
https://attackerkb.com/topics/CVE-2022-3008
CWE-77
CWE-78
DEBIAN-DSA-5232
DEBIAN-DSA-5232-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today