Home / Vulnerability Intelligence / CVE-2026-29628

CVE-2026-29628 - Vulnerability Analysis

N/a

Last Updated: April 13, 2026

tinyobjloader - Denial of Service

Published: April 13, 2026Updated: April 13, 2026PoC Available

Overview

tinyobjloader contains a buffer overflow caused by improper handling of crafted .mtl files in experimental/tinyobj_loader_opt.h, letting attackers cause denial of service, exploit requires crafted .mtl file.

Severity & Score

Severity: N/a

Impact

Attackers can cause denial of service by crashing the application via crafted .mtl files.

Mitigation

Update to the latest version of tinyobjloader.

References

https://github.com/kiyochii/CVE-2026-29628
https://github.com/kiyochii/tinyobjloader/commit/386b73bb8c1a855236beb73b11f45f7feac4e03a

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29628
Severity: N/a
Type: buffer_overflow
Status: new

CVSS Metrics

N/A