CNNVD-202601-1143 Information

CNNVD ID

CNNVD-202601-1143

Related CVE

CVE-2026-22190

• CNNVD Published: 2026-01-07

Description (Chinese)

Panda3D是Panda3D开源的一个跨平台游戏引擎。 Panda3D 1.10.16及之前版本存在格式化字符串错误漏洞，该漏洞源于egg-mkfont存在未受控的格式字符串漏洞，可能导致栈内存和指针值泄露。

Description (English)

Panda3D is a cross-platform game engine for Panda3D open source. Panda3D 1.10.16 and previous versions contain a formatted string error loophole, which stems from an uncontrollable format string loophole in egg-mkfont, which may lead to the leaking of stack memory and pointer values.

Hazard Level

High

Vulnerability Type

格式化字符串错误

Affected Vendor

Panda3D

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/panda3d/panda3d https://seclists.org/fulldisclosure/2026/Jan/11 https://www.panda3d.org/ https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure