VYPR

Panda3d

by Panda3d

Source repositories

CVEs (3)

  • CVE-2026-22189CriJan 7, 2026
    risk 0.64cvss 9.8epss 0.00

    The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph…

  • CVE-2026-22190HigJan 7, 2026
    risk 0.49cvss 7.5epss 0.00

    The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker…

  • CVE-2026-22188MedJan 7, 2026
    risk 0.36cvss 5.5epss 0.00

    The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc…