19 matches found
CVE-2026-22190
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...
CVE-2026-22189
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...
CVE-2026-22190
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...
CVE-2026-22189
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...
CVE-2026-22189
Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a fixed-size stack buff...
CVE-2026-22190
Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format specifiers,...
Use of Externally-Controlled Format String
Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the egg-mkfont component. An attacker can access sensitive stack-resident memory and...
Stack-based Buffer Overflow
Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the egg-mkfont process. An attacker can cause memory corruption or execute arbitrary code by supplyin...
CVE-2026-22190 Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...
CVE-2026-22190
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...
CVE-2026-22190
Summary of CVE-2026-22190 (Panda3D) Affected: Panda3D up to and including 1.10.16, specifically the egg-mkfont utility. Vulnerability: Uncontrolled format string in the -gp (glyph pattern) option. The option is passed directly as the format string to sprintf() with only one argument. If an attack...
CVE-2026-22190 Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...
CVE-2026-22189
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...
CVE-2026-22189 Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...
CVE-2026-22189
CVE-2026-22189 affects Panda3D
CVE-2026-22189 Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern -gp into a...
Panda3D 缓冲区错误漏洞
Panda3D is a cross-platform game engine from Panda3D open source. A security vulnerability exists in Panda3D 1.10.16 and earlier versions, which stems from the use of unbounded sprintf calls in egg-mkfont, and may result in stack buffer overflow, memory corruption, or arbitrary code execution...
Panda3D 格式化字符串错误漏洞
Panda3D is a cross-platform game engine from Panda3D open source. A formatting string error vulnerability exists in Panda3D 1.10.16 and earlier versions, which stems from an uncontrolled formatting string vulnerability in egg-mkfont that could lead to stack memory and pointer value disclosure...
PT-2026-2164
Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16 Description Panda3D’s egg-mkfont utility contains an uncontrolled format string issue. The -gp command-line option is directly used as the format string for the sprintf function with a single...