CVE-2021-26826
HIGHGodot Engine < 3.2 - Stack Overflow via TGA Image File Parsing
Title source: llmDescription
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/godotengine/godot/pull/45701
Patch, Third Party Advisory x_refsource_misc
https://github.com/godotengine/godot/pull/45701/commits/403e4fd08b0b212e96f53d926e6273e0745eaa5a
Scores
CVSS v3
7.8
EPSS
0.0150
EPSS Percentile
71.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
godotengine/godot_engine
< 3.2
Published
Feb 08, 2021
Tracked Since
Feb 18, 2026