CVE-2026-22189

Medium CVSS: 6.9

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.

Vendor

Cmu

Product

Panda3d

CWE

CWE-121

Yayın Tarihi

2026-01-07 21:16:03

Güncelleme

2026-01-12 17:59:18

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-121 Panda3d MEDIUM Cmu 2026

Referanslar

https://github.com/panda3d/panda3d https://seclists.org/fulldisclosure/2026/Jan/10 https://www.panda3d.org/ https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow

Benzer Kayıtlar

Medium

CVE-2026-22190

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (g…

Medium

CVE-2026-22188

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded sta…

High

CVE-2025-27092

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path…