mirror of
https://github.com/gentoo-mirror/guru.git
synced 2025-04-18 15:28:58 -04:00
378fd39928
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-26825 Reference: https://github.com/godotengine/godot/pull/45702 Closes: https://bugs.gentoo.org/769761 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Ross Charles Campbell <rossbridger.cc@gmail.com>