PT-2026-27144 · Cgltf · Cgltf

Ana Kapulica · Published 2026-03-23 · Updated 2026-05-01 · CVE-2026-32845

CVSS v3.1: 8.4 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

cgltf versions prior to 1.15

Description

cgltf versions prior to 1.15 contain an integer overflow in the `cgltf_validate()` function when it validates sparse accessors. An attacker can trigger out-of-bounds reads by supplying a specially crafted glTF/GLB input file with attacker-controlled size values. The unchecked arithmetic in sparse accessor validation can cause heap buffer over-reads in the `cgltf_calc_index_bound()` function, potentially leading to denial of service and memory disclosure.

Recommendations

Update to a version newer than 1.15.
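The class of defect in the description, as an added C example (not cgltf's code and not the upstream fix): a size check computed with wrapping arithmetic next to an overflow-safe one that runs before an index scan. The struct, the function names and all sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a sparse accessor's index block; these names are
   illustrative and are not cgltf's types. Every field comes from the file. */
typedef struct {
    size_t view_size;    /* size in bytes of the buffer view holding the indices */
    size_t byte_offset;  /* offset of the first index inside that view */
    size_t index_size;   /* 1, 2 or 4 bytes per index */
    size_t count;        /* number of sparse indices */
} sparse_indices;

/* Unchecked form: offset + size * count can wrap past SIZE_MAX, so a huge
   count yields a small "required" size and the range is wrongly accepted. */
static int range_ok_unchecked(const sparse_indices *s)
{
    size_t required = s->byte_offset + s->index_size * s->count;
    return s->view_size >= required;
}

/* Checked form: compare by subtraction and division so nothing can wrap. */
static int range_ok_checked(const sparse_indices *s)
{
    if (s->index_size == 0 || s->byte_offset > s->view_size)
        return 0;
    return s->count <= (s->view_size - s->byte_offset) / s->index_size;
}

/* Largest index in the block, or -1 when the declared range does not fit.
   Validation runs before any byte of the view is read. */
static int64_t max_sparse_index(const uint8_t *view, const sparse_indices *s)
{
    if (view == NULL || s->index_size > 4 || !range_ok_checked(s))
        return -1;
    int64_t bound = 0;
    for (size_t i = 0; i < s->count; ++i) {
        uint32_t v = 0;  /* little-endian, as glTF stores binary data */
        for (size_t b = 0; b < s->index_size; ++b)
            v |= (uint32_t)view[s->byte_offset + i * s->index_size + b] << (8 * b);
        if ((int64_t)v > bound)
            bound = (int64_t)v;
    }
    return bound;
}
```

A parser that depends on an affected cgltf version gets the same protection by rejecting the file at validation time, which is what the checked form does here.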

Exploit

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-32845

Affected Products

Cgltf