vulnerability

Ubuntu: USN-7129-1 (CVE-2022-3008): TinyGLTF vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:N/A:C)	Sep 5, 2022	Nov 27, 2024	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:N/A:C)

Published

Sep 5, 2022

Added

Nov 27, 2024

Modified

Aug 18, 2025

Description

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751

Solutions

ubuntu-upgrade-libtinygltf-devubuntu-upgrade-libtinygltf1d

References

CVE-2022-3008
https://attackerkb.com/topics/CVE-2022-3008
CWE-77
CWE-78
UBUNTU-USN-7129-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today