Fedora Account System
Red Hat Associate
Red Hat Customer
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. Reference: https://github.com/godotengine/godot/pull/45702 Upstream patch: https://github.com/godotengine/godot/pull/45702/commits/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
Created godot tracking bugs for this issue: Affects: epel-7 [bug 1926938] Affects: fedora-all [bug 1926937]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.