{"id":"CVE-2021-26825","details":"An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.","modified":"2026-04-10T04:31:21.829388Z","published":"2021-02-08T15:15:12.333Z","related":["openSUSE-SU-2024:10813-1","openSUSE-SU-2024:12761-1"],"references":[{"type":"FIX","url":"https://github.com/godotengine/godot/pull/45702"},{"type":"FIX","url":"https://github.com/godotengine/godot/pull/45702/files"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/godotengine/godot","events":[{"introduced":"0"},{"last_affected":"4e7d75ccd350b98bccea517c034b367f52cf127e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.2"}]}}],"versions":["2.0-stable","3.0-stable","3.1-stable","3.2-stable"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26825.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}