Live2D mascot Momose Hiyori
Screengrab via Live2D on YouTube

Popular VTubing software has a major security flaw

Most Live2D tracking apps have been affected.

VTubing software developer Live2D has reported a security vulnerability in Live2D Cubism Core. According to the developer’s findings, the vulnerability allows malicious code to be executed through modified MOC3 files.


Live2D is now investigating this issue under the advice of external security experts and is working to release a software version that fixes the vulnerability within the next few days.

“This vulnerability occurs when an application runs a maliciously modified MOC3 file,” Live2D Inc. wrote in its report last week.

“Having the modified MOC3 file loaded into the target Cubism Core may cause out-of-range memory writes and crash the application.”

Live2D advises that users can continue to use MOC3 files created by themselves or trusted parties without any concern.

Live2D advises its users to take the following precautions to protect themselves from malicious MOC3 files:

  • Do not open MOC3 files from unknown sources.
  • Only open MOC3 files obtained from trusted sources.
  • Keep applications that load an indefinite number of MOC3 files up to date.

VTube Studio, a widely used VTubing app, shared Live2D’s report with the following advice:

  • Most Live2D tracking apps are affected by this.
  • Only specially crafted MOC3 files are affected. Files you got from your rigger or trusted people online are safe.
  • For VTube Studio, this includes Live2D Models and Live2D Items.
  • You should be careful when loading model files from random strangers online, at least for the time being.
  • Please keep your Live2D apps updated at all times.

VTube Studio has suspended downloads of Live2D models and assets from the workshop while the flaw is being investigated. The change was implemented to keep users safe, and the features will be re-enabled once the vulnerability has been fixed.

