CVE-2026-22189

UNKNOWN 0.0

Panda3D <= 1.10.16 egg-mkfont Stack Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution.

CWE	CWE-121
Vendor	panda3d
Product	panda3d
Published	Jan 7, 2026
Last Updated	May 26, 2026

Stay Ahead of the Next One

Get instant alerts for panda3d panda3d

Be the first to know when new unknown vulnerabilities affecting panda3d panda3d are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Panda3D / Panda3D

0 ≤ 1.10.16

References

NVD ↗ CVE.org ↗ EPSS Data ↗

seclists.org: https://seclists.org/fulldisclosure/2026/Jan/10 panda3d.org: https://www.panda3d.org/ github.com: https://github.com/panda3d/panda3d vulncheck.com: https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow

Credits

Ron Edgerson