CVE Vulnerability

CVE-2021-26825

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/godotengine/godot/pull/45702 Patch Third Party Advisory
https://github.com/godotengine/godot/pull/45702/files Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:godotengine:godot_engine:*:*:*:*:*:*:*:*
Information

Published : 2021-02-08 03:15

Updated : 2021-02-11 03:59

NVD link : CVE-2021-26825

Mitre link : CVE-2021-26825

Products Affected
No products.
CWE
CWE-190