4 matches found
[ASA-202103-26] godot: arbitrary code execution
Arch Linux Security Advisory ASA-202103-26 ========================================== Severity: Medium Date : 2021-03-25 CVE-ID : CVE-2021-26825 CVE-2021-26826 Package : godot Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1544 Summary ======= The package...
CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
CVE-2021-26825
CVE-2021-26825 affects Godot Engine up to v3.2. The vulnerability is in ImageLoaderTGA::load_image(), where the buffer_size is computed as (tga_header.image_width * tga_header.image_height) * pixel_size, causing a dynamic stack buffer overflow. Impact: potential code execution and/or crash, with ...