It was discovered that TinyGLTF performed file path expansion in an insecure way on certain inputs. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.
{ "binaries": [ { "binary_name": "libtinygltf-dev", "binary_version": "2.5.0+dfsg-4ubuntu0.1" }, { "binary_name": "libtinygltf1d", "binary_version": "2.5.0+dfsg-4ubuntu0.1" }, { "binary_name": "libtinygltf1d-dbgsym", "binary_version": "2.5.0+dfsg-4ubuntu0.1" } ], "availability": "No subscription required" }