Описание
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tinyobjloader | fixed | 2.0.0~rc9+dfsg-1 | experimental | package |
| tinyobjloader | fixed | 2.0.0~rc10+dfsg-2 | package | |
| tinyobjloader | no-dsa | bullseye | package |
Примечания
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1212
https://github.com/tinyobjloader/tinyobjloader/commit/7ba4b652ee0c5175ec8abf66199e84d88adf11f1 (v2.0.0rc9)
EPSS
Связанные уязвимости
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Уязвимость функционала LoadObj загрузчика .obj Tinyobjloader, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS