The tinygltf library does not sanitize untrusted path input before passing it to the C library. This allows command injection using backticks: an attacker could craft a path that triggers command execution during path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751.
Unprivileged users on the system could create a malicious PDF file that could be passed to the tinygltf library when creating a PDF. This would result in a command injection, as the library would use the passed untrusted path as input to the C library. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751.
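For code that must expand untrusted paths itself, the following added example (not tinygltf's own code, nor taken from the fix commit) shows one way to do so without allowing command substitution. It assumes the expansion is done with POSIX `wordexp()`, which the advisory text only refers to as "the C library"; the helper name `expand_path_nocmd` is hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (assumption, not tinygltf's API): expand `path`
 * into `out` without ever running a shell command.
 * Returns 0 on success, -1 if the path is rejected or expansion fails. */
int expand_path_nocmd(const char *path, char *out, size_t outlen)
{
    wordexp_t we;
    int rc = -1;

    if (path == NULL || out == NULL || outlen == 0 || path[0] == '\0')
        return -1;

    /* Defence in depth: refuse command-substitution syntax up front. */
    if (strchr(path, '`') != NULL || strstr(path, "$(") != NULL)
        return -1;

    /* WRDE_NOCMD makes wordexp() fail with WRDE_CMDSUB instead of
     * executing `...` or $(...) found in the input. */
    if (wordexp(path, &we, WRDE_NOCMD) != 0)
        return -1;

    /* A file path must expand to exactly one word; unquoted spaces or
     * wildcards matching several files are treated as errors. */
    if (we.we_wordc == 1 && strlen(we.we_wordv[0]) < outlen) {
        strcpy(out, we.we_wordv[0]);
        rc = 0;
    }
    wordfree(&we);
    return rc;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "/tmp/scene.gltf", "`id`.gltf",
                              "$(id).gltf", "a b.gltf" };
    char buf[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = expand_path_nocmd(samples[i], buf, sizeof buf);
        printf("%-16s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```

Where expansion of `~` or environment variables is not needed at all, passing the path to the file API unexpanded avoids this class of bug entirely.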
When the tinygltf library generates a signature, it will use the RSA signing algorithm with a 2048-bit key. This is a common strength for a signature algorithm. However, the tinygltf library does not check the signature algorithm used when signing the file. This means that the signature could be generated with an algorithm that the library doesn’t support. This could result in a false positive for the signature validation. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf07
CVE-2023-3007
Timeline
Published on: 09/05/2022 09:15:00 UTC
Last modified on: 09/22/2022 00:15:00 UTC
References
- https://github.com/syoyo/tinygltf/issues/368
- https://github.com/syoyo/tinygltf/blob/master/README.md
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053
- https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
- https://www.debian.org/security/2022/dsa-5232
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3008