CVE-2022-3008
moderate-risk
Published 2022-09-05
The tinygltf library passes file paths taken from the untrusted input file to the C library function wordexp() for path expansion. wordexp() performs shell-style word expansion, including command substitution with backticks, so an attacker can craft a path inside a glTF file that runs arbitrary commands when the loader expands it. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751.
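As an added illustration (example code written for this page, not tinygltf's own source and not the fix shipped in 2.6.0), the snippet below shows the vulnerable pattern the advisory describes, a path read from an untrusted file handed straight to wordexp() with no flags, next to a hardened variant that passes WRDE_NOCMD so that command substitution (backticks as well as $(...)) is refused with WRDE_CMDSUB instead of being executed. The function names and the sample paths are assumptions made for this example; wordexp(), wordfree() and the WRDE_* flags are the POSIX API.

```cpp
#include <iostream>
#include <string>
#include <wordexp.h>

// Vulnerable pattern (added example, not tinygltf code): the URI string comes
// from the untrusted glTF file and is expanded with flags = 0, which enables
// tilde, variable, glob and command substitution. A URI such as
// "`echo pwned`.bin" therefore runs `echo pwned` in /bin/sh during expansion.
bool expand_uri_vulnerable(const std::string &untrusted_uri, std::string &out) {
    wordexp_t we{};
    if (wordexp(untrusted_uri.c_str(), &we, 0) != 0) {
        return false;  // on error the wordexp_t contents are unspecified; do not wordfree()
    }
    bool ok = (we.we_wordc == 1);  // a single path must expand to exactly one word
    if (ok) out = we.we_wordv[0];
    wordfree(&we);
    return ok;
}

// Hardened variant (one possible fix, assumed for this example): WRDE_NOCMD
// makes wordexp() return WRDE_CMDSUB instead of running `...` or $(...), and
// WRDE_UNDEF turns a reference to an unset $VARIABLE into WRDE_BADVAL instead
// of silently expanding it to "". Tilde and glob expansion still act on the
// attacker-controlled string, so a loader that does not need shell-style
// expansion at all is safer still if it never calls wordexp() on such input.
bool expand_uri_hardened(const std::string &untrusted_uri, std::string &out) {
    wordexp_t we{};
    int rc = wordexp(untrusted_uri.c_str(), &we, WRDE_NOCMD | WRDE_UNDEF);
    if (rc != 0) {
        return false;  // WRDE_CMDSUB, WRDE_BADVAL, WRDE_BADCHAR, WRDE_SYNTAX, ...
    }
    bool ok = (we.we_wordc == 1);
    if (ok) out = we.we_wordv[0];
    wordfree(&we);
    return ok;
}

int main() {
    // Constructed sample inputs: one benign buffer URI and one carrying a backtick payload.
    const char *uris[] = {"textures/diffuse.png", "`echo pwned`.bin"};
    for (const char *uri : uris) {
        std::string v, h;
        bool vok = expand_uri_vulnerable(uri, v);
        bool hok = expand_uri_hardened(uri, h);
        std::cout << uri << "\n  vulnerable: " << (vok ? v : "(rejected)")
                  << "\n  hardened:   " << (hok ? h : "(rejected)") << "\n";
    }
    return 0;
}
```

Running the vulnerable function on the payload returns "pwned.bin", proof that the shell executed the substitution; the hardened function rejects the same input before any shell is spawned. Note that the check happens inside wordexp() itself, so it does not depend on the caller enumerating metacharacters.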
Do I need to act?
EPSS: 7.6% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: not tracked on this page (the description above names 2.6.0 / commit 52ff00a38447f06a17eab1caa2cf0730a119c751 as the fix); check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10 (High); attack vector: Network; attack complexity: Low
Affected Products (2): Tinygltf
Affected Vendors: none listed
References (10)
Third Party Advisory: https://www.debian.org/security/2022/dsa-5232
Risk score: 45 / 100 (moderate-risk)
Severity: 28/34 · Critical
Exploitability: 10/34 · Low
Exposure: 7/34 · Low