CVE-2021-26825 Information
Jun 07, 2022
cve
Description
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width tga_header.image_height) pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application attack vector can be local or remote and can lead to code execution and/or system crash.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://github.com/godotengine/godot/pull/45702 https://github.com/godotengine/godot/pull/45702/files
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: