CVE-2026-32845

Published: Mar 23, 2026 Last Modified: Mar 23, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.

190

Integer Overflow or Wraparound

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism Alter Execution Logic Dos: Resource Consumption (Cpu)

Applicable Platforms

Languages: C, Not Language-Specific

Likelihood of Exploit: Medium

View CWE Details

https://github.com/jkuhlmann/cgltf/issues/287

https://www.vulncheck.com/advisories/jkuhlmann-cgltf-sparse…

https://www.vulncheck.com/advisories/jkuhlmann-cgltf-sparse-accessor-validation…

CVE-2026-32845

Description

Integer Overflow or Wraparound

Common Consequences

Applicable Platforms

Iscriviti alla newsletter