CVE-2020-28589

Summary

An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/atinyobjloadertinyobjloader development commit 79d4421 , tinyobjloader v2.0-rc1affected

Weaknesses

  • CWE-129: CWE-129: Improper Validation of Array Index

ADP Enrichment

CVE Program Container

Additional References

References