Skip to main content

Cgltf CVE-2026-32845

| EUVDEUVD-2026-14448 MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-03-23 VulnCheck
6.9
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 01, 2026 - 15:22 NVD
HIGH MEDIUM
CVSS changed
May 01, 2026 - 15:22 NVD
8.4 (HIGH) 6.9 (MEDIUM)
EUVD ID Assigned
Mar 23, 2026 - 16:15 euvd
EUVD-2026-14448
Analysis Generated
Mar 23, 2026 - 16:15 vuln.today
CVE Published
Mar 23, 2026 - 15:50 nvd
HIGH 8.4

DescriptionCVE.org

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers can exploit unchecked arithmetic operations in sparse accessor validation to cause heap buffer over-reads in cgltf_calc_index_bound(), resulting in denial of service crashes and potential memory disclosure.

AnalysisAI

cgltf versions 1.15 and earlier are vulnerable to integer overflow in sparse accessor validation that enables local attackers to craft malicious glTF/GLB files triggering heap buffer over-reads. Exploitation causes denial of service through application crashes and may leak sensitive memory contents. No patch is currently available for this high-severity vulnerability (CVSS 8.4).

Technical ContextAI

cgltf is a single-file C99 glTF/GLB parser library developed by jkuhlmann, widely used for 3D model file processing in graphics engines, game development frameworks, and digital asset pipelines. The vulnerability resides specifically in the cgltf_validate() function's handling of sparse accessors, which are a glTF feature that optimize storage of sparse data by only storing non-default values. The root cause is classified under CWE-190 (Integer Overflow or Wraparound), manifesting in the cgltf_calc_index_bound() calculation function where attacker-controlled size fields in the sparse accessor definition are used in arithmetic operations without proper overflow checks. When an integer overflow occurs during these calculations, the resulting value can be used to compute incorrect buffer bounds, leading to heap buffer over-reads when the validation logic attempts to access sparse accessor data.

RemediationAI

Upgrade cgltf to a version newer than 1.15 once a patched release is available from the official repository. Users should monitor the jkuhlmann/cgltf GitHub repository at https://github.com/jkuhlmann/cgltf for security patches and review the VulnCheck advisory at https://www.vulncheck.com/advisories/jkuhlmann-cgltf-sparse-accessor-validation-integer-overflow for detailed patch information. As an interim mitigation, applications processing untrusted glTF/GLB files should implement file validation layers that verify sparse accessor size fields against document bounds before invoking cgltf_validate(), disable sparse accessor processing if not required for functionality, or restrict glTF file processing to trusted sources only. Additionally, sandboxing the glTF parsing process or running it in memory-protected environments can limit the impact of denial of service attacks.

Share

CVE-2026-32845 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy