Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
jkuhlmann / cgltf <= 1.15 Sparse Accessor Validation Integer Overflow
Vulnerability Description
cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
cgltf 安全漏洞
Vulnerability Description
cgltf是德国Johannes Kuhlmann个人开发者的一个用于加载和处理glTF 3D模型格式的库。 cgltf 1.15及之前版本存在安全漏洞,该漏洞源于cgltf_validate函数在验证稀疏访问器时存在整数溢出,可能导致攻击者通过特制glTF/GLB输入文件触发越界读取,造成拒绝服务崩溃和潜在内存泄露。
CVSS Information
N/A
Vulnerability Type
N/A