CNNVD-202601-1145 Information

CNNVD ID

CNNVD-202601-1145

Related CVE

CVE-2026-22189

• CNNVD Published: 2026-01-07

Description (Chinese)

Panda3D是Panda3D开源的一个跨平台游戏引擎。 Panda3D 1.10.16及之前版本存在安全漏洞，该漏洞源于egg-mkfont使用无界sprintf调用，可能导致栈缓冲区溢出、内存损坏或任意代码执行。

Description (English)

Panda3D is a cross-platform game engine for Panda3D open source. There is a security loophole in the Panda3D 1.10.16 and previous versions, which stems from the use of the egg-mkfont for unbridled sprintf calls, which may lead to spillage, memory damage or arbitrary code enforcement of the fence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Panda3D

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/panda3d/panda3d https://seclists.org/fulldisclosure/2026/Jan/10 https://www.panda3d.org/ https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow