CVE-2021-26825 log

Severity Medium
Remote Yes
Type Arbitrary code execution
An integer overflow issue exists in Godot Engine version 3.2.3 that can be triggered when loading specially crafted TGA image files. The vulnerability exists in the ImageLoaderTGA::load_image() function in the line "const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size;" The bug leads to a dynamic stack buffer overflow. Depending on the context of the application, the attack vector can be local or remote, and can lead to code execution and/or a system crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1544 godot 3.2.3-1 3.2.3-2 Medium Fixed FS#70057
Date Advisory Group Package Severity Type
25 Mar 2021 ASA-202103-26 AVG-1544 godot Medium arbitrary code execution