48 matches found
EUVD-2026-5327
Godot MCP is a Model Context Protocol MCP server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input e.g., projectPath directly to exec, which...
EUVD-2021-13611
Malware in sbrugna...
EUVD-2021-13610
Malware in sbrugna...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Godot Engine vulnerabilities (USN-7579-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7579-1 advisory. It was discovered that the Godot Engine did not properly handle certain malformed WebM media files. If the Godot...
USN-7579-1: Godot Engine vulnerabilities
It was discovered that the Godot Engine did not properly handle certain malformed WebM media files. If the Godot Engine opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2019-2126 It was discovered that the Godot Engin...
USN-7579-1 godot vulnerabilities
It was discovered that the Godot Engine did not properly handle certain malformed WebM media files. If the Godot Engine opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2019-2126 It was discovered that the Godot Engin...
CVE-2018-1000224
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in DeSerialization functions core/io/marshalls.cpp that can result in DoS packet of...
Linux Distros Unpatched Vulnerability : CVE-2021-26826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of th...
Linux Distros Unpatched Vulnerability : CVE-2021-26825
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in...
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware
A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands...
SUSE CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
SUSE CVE-2021-26826
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
CVE-2021-26826
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
DEBIAN-CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...
CVE-2021-26826
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
DEBIAN-CVE-2021-26826
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
Stack overflow
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash...
CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::loadimage function at line: const sizet buffersize = tgaheader.imagewidth tgaheader.imageheight pixelsize; The bug leads to...