CVE-2026-29628

MEDIUM

tinyobjloader - Stack-based Buffer Overflow via Crafted .mtl File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-29628. PoCs published by kiyochii.

AI-analyzed exploit summary The repository contains a functional proof-of-concept exploit for CVE-2026-29628, demonstrating a stack-based buffer overflow in the experimental version of tinyobjloader. The PoC triggers the vulnerability by sending an oversized 'newmtl token' to the `tinyobj_opt::LoadMtl` function, leading to a stack-buffer-overflow detectable with AddressSanitizer.

Description

A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file.

Exploits (1)

nomisec WORKING POC
by kiyochii · poc
https://github.com/kiyochii/CVE-2026-29628

The repository contains a functional proof-of-concept exploit for CVE-2026-29628, demonstrating a stack-based buffer overflow in the experimental version of tinyobjloader. The PoC triggers the vulnerability by sending an oversized 'newmtl token' to the `tinyobj_opt::LoadMtl` function, leading to a stack-buffer-overflow detectable with AddressSanitizer.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: tinyobjloader (experimental version) up to commit d56555b
No auth needed
Prerequisites: AddressSanitizer and UndefinedBehaviorSanitizer enabled for detection
devstral-2 · analyzed Apr 13, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.2
EPSS 0.0017
EPSS Percentile 6.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-121
Status published
Published Apr 13, 2026
Tracked Since Apr 13, 2026