These are all security issues fixed in the libtinyobjloader2-2.0.0rc8+git.20210821-1.2 package on the GA media of openSUSE Tumbleweed.