vulnerability

Ubuntu: USN-7129-1 (CVE-2022-3008): TinyGLTF vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	09/05/2022	11/27/2024	01/28/2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

09/05/2022

Added

11/27/2024

Modified

01/28/2025

Description

The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751

Solution(s)

ubuntu-upgrade-libtinygltf-devubuntu-upgrade-libtinygltf1d

References

CVE-2022-3008
https://attackerkb.com/topics/CVE-2022-3008
UBUNTU-USN-7129-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today