Security vulnerabilities and automated fixes for gltf issues
1 post found
A critical out-of-bounds heap read vulnerability was discovered in the Effekseer GLTF resource loader, where a `memcpy` operation copied data from a buffer without first verifying the source contained enough bytes. An attacker could craft a malicious GLTF file with truncated buffer data to crash the application or leak sensitive heap memory contents. The fix adds a simple but essential bounds check before the copy operation, ensuring the source buffer always contains at least as many bytes as th