CVE-2021-26826

HIGH

Godot Engine < 3.2 - Stack Overflow via TGA Image File Parsing

Title source: llm
STIX 2.1

Description

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/godotengine/godot/pull/45701

Scores

CVSS v3 7.8
EPSS 0.0150
EPSS Percentile 71.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
godotengine/godot_engine < 3.2
Published Feb 08, 2021
Tracked Since Feb 18, 2026