[Bug 1182178] New: VUL-0: CVE-2021-26826: godot: stack overflow caused by improper boundary checks when loading .TGA image files
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 Bug ID: 1182178 Summary: VUL-0: CVE-2021-26826: godot: stack overflow caused by improper boundary checks when loading .TGA image files Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/277465/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: cunix@mail.de Reporter: atoptsoglou@suse.com QA Contact: security-team@suse.de CC: maxmitschke@fastmail.com Found By: Security Response Team Blocker: --- CVE-2021-26826 A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash. Reference: https://github.com/godotengine/godot/pull/45701 Upstream patch: https://github.com/godotengine/godot/pull/45701/commits/403e4fd08b0b212e96f5... References: https://bugzilla.redhat.com/show_bug.cgi?id=1926933 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26826 https://github.com/godotengine/godot/pull/45701 https://github.com/godotengine/godot/pull/45701/commits/403e4fd08b0b212e96f5... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 http://bugzilla.opensuse.org/show_bug.cgi?id=1182178#c1 Alexandros Toptsoglou <atoptsoglou@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Security |Security Version|Leap 15.2 |Current Product|openSUSE Distribution |openSUSE Tumbleweed Target Milestone|--- |Current --- Comment #1 from Alexandros Toptsoglou <atoptsoglou@suse.com> --- Only in Factory -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |http://bugzilla.opensuse.or | |g/show_bug.cgi?id=1182177 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 http://bugzilla.opensuse.org/show_bug.cgi?id=1182178#c2 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1182177 --- Comment #2 from c unix <cunix@mail.de> --- (In reply to Alexandros Toptsoglou from comment #0) Thank you for the report.
Upstream patch: https://github.com/godotengine/godot/pull/45701/commits/ 403e4fd08b0b212e96f53d926e6273e0745eaa5a
This seems to be a commit on the master branch that is not in factory. The issue is hopefully going to be fixed with https://build.opensuse.org/request/show/872035 that is tackled in boo#1182177 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 Bug 1182178 depends on bug 1182177, which changed state. Bug 1182177 Summary: VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted .TGA image files http://bugzilla.opensuse.org/show_bug.cgi?id=1182177 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1182178 http://bugzilla.opensuse.org/show_bug.cgi?id=1182178#c3 c unix <cunix@mail.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from c unix <cunix@mail.de> --- Request got accepted. Closing as fixed. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com