Search criteria
2 vulnerabilities by syoyo
CVE-2023-1570 (GCVE-0-2023-1570)
Vulnerability from cvelistv5 – Published: 2023-03-22 14:31 – Updated: 2024-08-02 05:49
VLAI
Title
syoyo tinydng tiny_dng_loader.h __interceptor_memcpy heap-based overflow
Summary
A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability.
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.223562 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.223562 | signaturepermissions-required |
| https://github.com/syoyo/tinydng/issues/28 | issue-tracking |
| https://github.com/syoyo/tinydng/issues/29 | issue-tracking |
| https://github.com/10cksYiqiyinHangzhouTechnology… | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.223562"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.223562"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/syoyo/tinydng/issues/28"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/syoyo/tinydng/issues/29"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/tinydngSecurityIssueReport1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tinydng",
"vendor": "syoyo",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "10cksYiqiyinHangzhouTechnology (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in syoyo tinydng entdeckt. Dies betrifft die Funktion __interceptor_memcpy der Datei tiny_dng_loader.h. Durch das Beeinflussen mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T10:50:22.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.223562"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.223562"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/syoyo/tinydng/issues/28"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/syoyo/tinydng/issues/29"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/10cksYiqiyinHangzhouTechnology/tinydngSecurityIssueReport1"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-03-22T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-03-22T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-04-12T20:40:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "syoyo tinydng tiny_dng_loader.h __interceptor_memcpy heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-1570",
"datePublished": "2023-03-22T14:31:03.821Z",
"dateReserved": "2023-03-22T11:02:30.722Z",
"dateUpdated": "2024-08-02T05:49:11.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3008 (GCVE-0-2022-3008)
Vulnerability from cvelistv5 – Published: 2022-09-05 09:10 – Updated: 2025-04-21 13:50
VLAI
Title
Command Injection on tinygltf
Summary
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
Severity
8.1 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/syoyo/tinygltf/commit/52ff00a3… | x_refsource_MISC |
| https://github.com/syoyo/tinygltf/issues/368 | x_refsource_MISC |
| https://bugs.chromium.org/p/oss-fuzz/issues/detai… | x_refsource_MISC |
| https://github.com/syoyo/tinygltf/blob/master/README.md | x_refsource_MISC |
| https://www.debian.org/security/2022/dsa-5232 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/syoyo/tinygltf/issues/368"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/syoyo/tinygltf/blob/master/README.md"
},
{
"name": "DSA-5232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5232"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3008",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:39:12.221593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:50:13.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tinygltf",
"vendor": "syoyo",
"versions": [
{
"lessThan": "2.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-21T23:05:57.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/syoyo/tinygltf/issues/368"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/syoyo/tinygltf/blob/master/README.md"
},
{
"name": "DSA-5232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5232"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Command Injection on tinygltf",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2022-3008",
"STATE": "PUBLIC",
"TITLE": "Command Injection on tinygltf"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "tinygltf",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.6.0"
}
]
}
}
]
},
"vendor_name": "syoyo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751",
"refsource": "MISC",
"url": "https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751"
},
{
"name": "https://github.com/syoyo/tinygltf/issues/368",
"refsource": "MISC",
"url": "https://github.com/syoyo/tinygltf/issues/368"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053"
},
{
"name": "https://github.com/syoyo/tinygltf/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/syoyo/tinygltf/blob/master/README.md"
},
{
"name": "DSA-5232",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5232"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2022-3008",
"datePublished": "2022-09-05T09:10:11.000Z",
"dateReserved": "2022-08-26T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:50:13.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}