Bug 1182177 – VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted .TGA image files

Bug 1182177 - (CVE-2021-26825) VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted .TGA image files

(CVE-2021-26825)
Summary:	VUL-0: CVE-2021-26825: godot: integer overflow when loading specially crafted...

Status:	RESOLVED FIXED

Classification:	openSUSE
Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security
Version:	Current
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major (vote)
Target Milestone:	Current
Assigned To:	c unix
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/277464/
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2021-26826
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-02-12 11:26 UTC by Alexandros Toptsoglou
Modified:	2021-03-01 17:01 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2021-26826
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexandros Toptsoglou 2021-02-12 11:26:05 UTC

CVE-2021-26825

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

Reference:
https://github.com/godotengine/godot/pull/45702

Upstream patch:
https://github.com/godotengine/godot/pull/45702/commits/113b5ab1c45c01b8e6d54d13ac8876d091f883a8

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1926936
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26825
https://github.com/godotengine/godot/pull/45702
https://github.com/godotengine/godot/pull/45702/files
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26825

Comment 1 Alexandros Toptsoglou 2021-02-12 11:26:30 UTC

Only in Factory.

Comment 2 c unix 2021-02-15 18:01:59 UTC

(In reply to Alexandros Toptsoglou from comment #0)
Thank you for the report.
> Upstream patch:
> https://github.com/godotengine/godot/pull/45702/commits/
> 113b5ab1c45c01b8e6d54d13ac8876d091f883a8

With this commit as patch an update is submitted:
https://build.opensuse.org/request/show/872035

Comment 3 c unix 2021-03-01 17:01:47 UTC

Request got accepted.
Closing as fixed.