High severity7.5OSV Advisory· Published Jan 7, 2026· Updated May 26, 2026
CVE-2026-22190
CVE-2026-22190
Description
The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- seclists.org/fulldisclosure/2026/Jan/11nvdExploitMailing ListThird Party Advisory
- www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosurenvdThird Party Advisory
- www.panda3d.orgnvdProduct
News mentions
0No linked articles in our index yet.