[Bug 1182177] New: VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted .TGA image files
http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 Bug ID: 1182177 Summary: VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted .TGA image files Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/277464/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: cunix@mail.de Reporter: atoptsoglou@suse.com QA Contact: security-team@suse.de CC: maxmitschke@fastmail.com Found By: Security Response Team Blocker: --- CVE-2021-26825 An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. Reference: https://github.com/godotengine/godot/pull/45702 Upstream patch: https://github.com/godotengine/godot/pull/45702/commits/113b5ab1c45c01b8e6d5... References: https://bugzilla.redhat.com/show_bug.cgi?id=1926936 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26825 https://github.com/godotengine/godot/pull/45702 https://github.com/godotengine/godot/pull/45702/files http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26825 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 http://bugzilla.opensuse.org/show_bug.cgi?id=1182177#c1 Alexandros Toptsoglou <atoptsoglou@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Security |Security Version|Leap 15.2 |Current Product|openSUSE Distribution |openSUSE Tumbleweed Target Milestone|--- |Current --- Comment #1 from Alexandros Toptsoglou <atoptsoglou@suse.com> --- Only in Factory. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 http://bugzilla.opensuse.org/show_bug.cgi?id=1182177#c2 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugzilla.opensuse.o | |rg/show_bug.cgi?id=1182178 --- Comment #2 from c unix <cunix@mail.de> --- (In reply to Alexandros Toptsoglou from comment #0) Thank you for the report.
Upstream patch: https://github.com/godotengine/godot/pull/45702/commits/ 113b5ab1c45c01b8e6d54d13ac8876d091f883a8
With this commit as patch an update is submitted: https://build.opensuse.org/request/show/872035 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1182178 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 http://bugzilla.opensuse.org/show_bug.cgi?id=1182177#c3 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from c unix <cunix@mail.de> --- Request got accepted. Closing as fixed. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com