CVE-2021-26825 log

Source
Severity Medium
Remote Yes
Type Arbitrary code execution
Description
An integer overflow issue exists in Godot Engine version 3.2.3 that can be triggered when loading specially crafted TGA image files. The vulnerability exists in the ImageLoaderTGA::load_image() function in the line "const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size;" The bug leads to a dynamic stack buffer overflow. Depending on the context of the application, the attack vector can be local or remote, and can lead to code execution and/or a system crash.
Group Package Affected Fixed Severity Status Ticket
AVG-1544 godot 3.2.3-1 Medium Vulnerable
References
https://github.com/godotengine/godot/pull/45702
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8