Unrated severityOSV Advisory· Published Jan 7, 2026· Updated Mar 5, 2026
Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow
CVE-2026-22189
Description
Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- seclists.org/fulldisclosure/2026/Jan/10mitretechnical-descriptionexploit
- www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflowmitrethird-party-advisory
- www.panda3d.orgmitreproduct
News mentions
0No linked articles in our index yet.