CVE-2021-26825 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary code execution
Description	An integer overflow issue exists in Godot Engine version 3.2.3 that can be triggered when loading specially crafted TGA image files. The vulnerability exists in the ImageLoaderTGA::load_image() function in the line "const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size;" The bug leads to a dynamic stack buffer overflow. Depending on the context of the application, the attack vector can be local or remote, and can lead to code execution and/or a system crash.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1544	godot	3.2.3-1	3.2.3-2	Medium	Fixed	FS#70057

Date	Advisory	Group	Package	Severity	Type
25 Mar 2021	ASA-202103-26	AVG-1544	godot	Medium	arbitrary code execution

References
https://github.com/godotengine/godot/pull/45702 https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8