Skip to main content

Panda3d

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-22190 MEDIUM POC This Month

Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.

Information Disclosure Panda3d
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-22189 MEDIUM POC This Month

Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.

Buffer Overflow Stack Overflow RCE Panda3d
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-22190
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Panda3D egg-mkfont up to version 1.10.16 contains a format string vulnerability in the -gp command-line option that allows attackers to read arbitrary stack memory and leak pointer values by injecting format specifiers into generated .egg and .png files. Public exploit code exists for this vulnerability, and no patch is currently available. This affects all users of the egg-mkfont utility who process untrusted input.

Information Disclosure Panda3d
NVD GitHub VulDB
CVE-2026-22189
EPSS 0% CVSS 6.9
MEDIUM POC This Month

Panda3D egg-mkfont (through 1.10.16) has a stack buffer overflow via an unbounded sprintf() with attacker-controlled glyph pattern input. PoC available.

Buffer Overflow Stack Overflow RCE +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy