Skip to main content

Panda3d CVE-2026-22189

MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-01-07 disclosure@vulncheck.com
Buffer Overflow Stack Overflow RCE Panda3d
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Severity Changed
May 26, 2026 - 14:22 NVD
CRITICAL MEDIUM
CVSS changed
May 26, 2026 - 14:22 NVD
9.8 (CRITICAL) 6.9 (MEDIUM)
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 12, 2026 - 17:59 vuln.today
Public exploit code
CVE Published
Jan 07, 2026 - 21:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.

AnalysisAI

Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Supply oversized glyph pattern via -gp flag
Exploit
Trigger unbounded sprintf() in egg-mkfont
Execution
Overflow stack buffer
Impact
Execute arbitrary code or crash
Sign in to reveal

Vulnerability AssessmentAI

Exploitation egg-mkfont tool from Panda3D versions ≤1.10.16 must be invoked by attacker with ability to provide command-line arguments; -gp (glyph pattern) parameter accepts attacker-controlled input without length validation. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 9.8 (Critical). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker provides a game asset package containing instructions to run egg-mkfont with a long glyph pattern. The stack overflow executes shellcode in the developer's environment.
Remediation Update Panda3D when a patch is available. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all affected systems and apply vendor patches immediately. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-22189 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy