stable

godot-3.1.2-2.el7

FEDORA-EPEL-2023-2455ae47ae created by akien a year ago for Fedora EPEL 7

Backports some fixes to reported security vulnerabilities in Godot's TGA loader, and the tinyexr dependency.

CVE-2021-26825 - An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted .TGA image files. The vulnerability exists in the ImageLoaderTGA::load_image() function at the line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to a dynamic stack buffer overflow. Depending on the context of the application, the attack vector can be local or remote, and can lead to code execution and/or system crash.

CVE-2021-26826 - A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, the attack vector can be local or remote, and can lead to code execution and/or system crash.

CVE-2022-38529 - tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress.
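The sizing bug described for CVE-2021-26825, as an added example that is not Godot's code or the backported patch: it reads the width, height and pixel depth from a TGA header, shows a width * height * pixel_size product wrapping when evaluated in 32 bits, and sizes the buffer with a 64-bit product and a hard cap instead. The function names, `MAX_DECODED_BYTES` and both sample headers are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Sizing fields of the 18-byte TGA header.
struct TgaDims {
    uint16_t width, height;
    uint8_t bits_per_pixel;
};

// Assumed policy cap on decoded image size (not a Godot constant).
constexpr uint64_t MAX_DECODED_BYTES = 256ull * 1024 * 1024;

static uint16_t le16(const uint8_t *p) {
    return static_cast<uint16_t>(p[0] | (p[1] << 8));
}

// TGA layout: width at offset 12, height at 14 (little-endian), depth at 16.
bool parse_tga_dims(const uint8_t *data, size_t len, TgaDims *out) {
    if (len < 18) return false;
    out->width = le16(data + 12);
    out->height = le16(data + 14);
    out->bits_per_pixel = data[16];
    return true;
}

// Models the product evaluated in 32-bit arithmetic: it wraps silently.
uint32_t naive_buffer_size(const TgaDims &d) {
    return (uint32_t(d.width) * uint32_t(d.height)) * (d.bits_per_pixel / 8u);
}

// Hardened sizing: reject odd depths, compute in 64 bits, enforce the cap.
bool checked_buffer_size(const TgaDims &d, size_t *out) {
    if (d.width == 0 || d.height == 0) return false;
    if (d.bits_per_pixel != 8 && d.bits_per_pixel != 16 &&
        d.bits_per_pixel != 24 && d.bits_per_pixel != 32) return false;
    // Largest possible value is 65535 * 65535 * 4 < 2^34: no 64-bit overflow.
    uint64_t total = uint64_t(d.width) * d.height * (d.bits_per_pixel / 8u);
    if (total > MAX_DECODED_BYTES) return false;
    *out = static_cast<size_t>(total);
    return true;
}

// Constructed headers (not from real files): 32768x32768 and 64x64, 32 bpp.
const uint8_t HUGE_HDR[18] = {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                              0x00, 0x80, 0x00, 0x80, 32, 0};
const uint8_t SMALL_HDR[18] = {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                               64, 0, 64, 0, 32, 0};
```

For the 32768x32768 header the 32-bit product is exactly 2^32 and wraps to 0, so a decoder trusting it would allocate nothing and then write pixel data past the buffer; the checked path rejects the file before any allocation.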

This update has been submitted for testing by akien.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata
Type: security
Severity: low
Karma: 0
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days
Dates
submitted: a year ago
in testing: a year ago
in stable: a year ago
approved: a year ago
BZ#1926935 CVE-2021-26826 godot: stack overflow caused by improper boundary checks when loading .TGA image files [epel-7]
BZ#1926938 CVE-2021-26825 godot: integer overflow when loading specially crafted .TGA image files [epel-7]
BZ#2124780 CVE-2022-38529 godot: heap-buffer overflow via the component rleUncompress. [epel-all]
