Home

Description

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.

PUBLISHED Reserved 2026-03-16 | Published 2026-03-23 | Updated 2026-03-31 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-190 Integer overflow or wraparound

Product status

Default status
unaffected

Any version
affected

Credits

Ana Kapulica finder

References

github.com/jkuhlmann/cgltf/issues/287 exploit

github.com/jkuhlmann/cgltf/issues/287 issue-tracking mitigation

www.vulncheck.com/...se-accessor-validation-integer-overflow third-party-advisory

cve.org (CVE-2026-32845)

nvd.nist.gov (CVE-2026-32845)

Download JSON