Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure
Vulnerability Description
Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.
CVSS Information
N/A
Vulnerability Type
使用外部控制的格式字符串
Vulnerability Title
Panda3D 格式化字符串错误漏洞
Vulnerability Description
Panda3D是Panda3D开源的一个跨平台游戏引擎。 Panda3D 1.10.16及之前版本存在格式化字符串错误漏洞,该漏洞源于egg-mkfont存在未受控的格式字符串漏洞,可能导致栈内存和指针值泄露。
CVSS Information
N/A
Vulnerability Type
N/A