CVE-2026-22190

Medium CVSS: 5.1

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.

Vendor

Cmu

Product

Panda3d

CWE

CWE-134

Yayın Tarihi

2026-01-07 21:16:03

Güncelleme

2026-01-12 17:53:57

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-134 Panda3d MEDIUM Cmu 2026

Referanslar

https://github.com/panda3d/panda3d https://seclists.org/fulldisclosure/2026/Jan/11 https://www.panda3d.org/ https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure

Benzer Kayıtlar

Medium

CVE-2026-22189

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use…

Medium

CVE-2026-22188

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded sta…

High

CVE-2025-27092

GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path…