Tinygltf · Tinygltf · CVE-2022-3008
**Name of the Vulnerable Software and Affected Versions**
tinygltf versions prior to 2.6.0
**Description**
The tinygltf library uses the C library function `wordexp()` to expand file paths taken from untrusted input files. Because `wordexp()` performs shell-style word expansion, including command substitution with backticks, a crafted path can inject shell commands. An attacker who supplies a malicious path in an input file can therefore potentially achieve arbitrary code execution when that file is loaded.
**Recommendations**
For versions prior to 2.6.0, upgrade to version 2.6.0 or apply the changes from commit 52ff00a38447f06a17eab1caa2cf0730a119c751 to resolve the issue. As a temporary workaround, avoid passing paths from untrusted input files to `wordexp()` until the patch is applied.
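As an added example (not tinygltf's own code and not the change in commit 52ff00a38447f06a17eab1caa2cf0730a119c751), the kind of replacement the workaround above calls for: a path expander that does not call `wordexp()` at all, expands only a leading `~/` from `$HOME`, and rejects any path containing characters that `wordexp()` would interpret as shell syntax, so a path carrying backticks or `$(...)` is refused before it reaches the filesystem. The function names, the metacharacter set and the `HOME` handling are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Characters wordexp() treats as shell syntax (command substitution,
 * variable expansion, globbing, quoting). A path read from an untrusted
 * input file has no legitimate reason to contain any of them.
 * (Constructed set for this example.) */
static const char kShellMeta[] = "`$()|;&<>\"'\\*?[]{}~\n";

/* Returns 1 if the path contains no shell metacharacters. A leading "~/"
 * is tolerated because it is the only expansion we deliberately support. */
int path_is_plain(const char *path) {
    size_t start = 0;
    if (strncmp(path, "~/", 2) == 0) start = 1; /* skip the leading '~' */
    return strpbrk(path + start, kShellMeta) == NULL;
}

/* Hypothetical replacement for a wordexp()-based expander: expands only a
 * leading "~/" using $HOME and copies everything else verbatim.
 * Returns 0 on success, -1 if the path is rejected or the buffer is too
 * small. Nothing here is ever handed to a shell. */
int expand_path_safely(const char *in, char *out, size_t outlen) {
    if (in == NULL || out == NULL || outlen == 0) return -1;
    if (!path_is_plain(in)) return -1; /* would have been shell-interpreted */

    const char *home = getenv("HOME");
    if (strncmp(in, "~/", 2) == 0 && home != NULL) {
        int n = snprintf(out, outlen, "%s/%s", home, in + 2);
        return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
    }
    size_t len = strlen(in);
    if (len + 1 > outlen) return -1;
    memcpy(out, in, len + 1);
    return 0;
}
```

Rejecting the path outright (rather than sanitising it) is the simplest defence: a loader can log the offending reference and fail the load, which is also a useful detection signal for crafted input files.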