This security bulletin contains one high-risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary commands on the system.
The vulnerability exists due to insufficient parsing of user-supplied input within the wordexp() function when handling file paths. A remote attacker can supply a specially crafted string to the affected application and execute arbitrary OS commands on the system.
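As an added illustration (not code from tinygltf or from this bulletin): POSIX wordexp() performs shell-style expansion of its input, including command substitution, unless the WRDE_NOCMD flag is passed. The sketch below shows a path-expansion wrapper that refuses command substitution and multi-word results; the helper name expand_path_no_cmd and the sample paths in the comments are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (name and signature are assumptions of this example).
 * Expands a file path with wordexp() while refusing command substitution.
 * Returns 0 and copies the expanded path into out on success, -1 otherwise. */
int expand_path_no_cmd(const char *path, char *out, size_t outlen)
{
    wordexp_t we;
    int rc;
    int ret = -1;

    if (path == NULL || out == NULL || outlen == 0)
        return -1;
    memset(&we, 0, sizeof we);

    /* WRDE_NOCMD: wordexp() returns WRDE_CMDSUB instead of running
     * $(...) or `...` found in the input, e.g. "models/$(echo x).gltf". */
    rc = wordexp(path, &we, WRDE_NOCMD);
    if (rc != 0) {
        /* Only WRDE_NOSPACE may leave partially allocated results. */
        if (rc == WRDE_NOSPACE)
            wordfree(&we);
        return -1;
    }

    /* A file path must expand to exactly one word that fits the buffer;
     * "two words.gltf" expands to two words and is rejected. */
    if (we.we_wordc == 1 && strlen(we.we_wordv[0]) < outlen) {
        strcpy(out, we.we_wordv[0]);
        ret = 0;
    }
    wordfree(&we);
    return ret;
}
```

WRDE_NOCMD still leaves tilde and environment-variable expansion enabled, so a loader that does not need expansion at all can pass untrusted paths to fopen() unchanged instead of calling wordexp().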
Install updates from the vendor's website.
Vulnerable software versions
tinygltf: 2.1.0 - 2.5.0
Can this vulnerability be exploited remotely?
Is there known malware that exploits this vulnerability?