Vulnerability Details : CVE-2021-26825
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted .TGA image files. The vulnerability exists in the ImageLoaderTGA::load_image() function at the line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to a dynamic stack buffer overflow. Depending on the context of the application, the attack vector can be local or remote, and the bug can lead to code execution and/or a system crash.
Vulnerability category: Overflow
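The size calculation quoted in the description, shown as an added example next to an overflow-checked form. This is not Godot's code or its patch: the function names, the 32-bit intermediate type and the TGA_MAX_BYTES cap are assumptions made for illustration (TGA headers store width and height as 16-bit values).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on a decoded image; not a value from the advisory. */
#define TGA_MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked pattern: the product is formed in 32-bit arithmetic and wraps
   modulo 2^32 before it is used as an allocation size. */
size_t tga_size_unchecked(uint16_t width, uint16_t height, uint32_t pixel_size)
{
    uint32_t bytes = (uint32_t)width * (uint32_t)height * pixel_size;
    return (size_t)bytes;
}

/* Checked pattern: reject empty images, test each multiplication against
   SIZE_MAX before doing it, then enforce the cap. */
bool tga_size_checked(uint16_t width, uint16_t height, size_t pixel_size,
                      size_t *out)
{
    if (width == 0 || height == 0 || pixel_size == 0)
        return false;
    size_t pixels = (size_t)width;
    if (pixels > SIZE_MAX / height)
        return false;
    pixels *= height;
    if (pixels > SIZE_MAX / pixel_size)
        return false;
    size_t bytes = pixels * pixel_size;
    if (bytes > TGA_MAX_BYTES)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 32768 x 32768 at 4 bytes per pixel. */
    printf("unchecked: %zu\n", tga_size_unchecked(32768, 32768, 4));
    printf("checked accepted: %d\n", tga_size_checked(32768, 32768, 4, &n));
    return 0;
}
```

With the constructed 32768 x 32768 header, the unchecked product wraps to 0 while the decoder would still try to write every pixel; the checked form refuses the file before any buffer is sized.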
Products affected by CVE-2021-26825
- cpe:2.3:a:godotengine:godot_engine:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-26825
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- Percentile: ~61% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2021-26825
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2021-26825
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-26825
- https://github.com/godotengine/godot/pull/45702/files
  [3.2] Fix a crash in the TGA loader with malformed input by hpvb · Pull Request #45702 · godotengine/godot · GitHub (Patch; Third Party Advisory)
- https://github.com/godotengine/godot/pull/45702
  [3.2] Fix a crash in the TGA loader with malformed input by hpvb · Pull Request #45702 · godotengine/godot · GitHub (Patch; Third Party Advisory)