Panda3d Uncontrolled Format String Allows Stack Memory Disclosure (CVE-2026-22190)

January 8, 2026 Jason Davies 903 Views 0 Comments CVE-2026-22190, Cyber Security, Panda3D 0 min read

CVE number = CVE-2026-22190

Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability.

The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied.

If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values.

Further details – https://seclists.org/fulldisclosure/2026/Jan/11

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Panda3d Uncontrolled Format String Allows Stack Memory Disclosure (CVE-2026-22190)

Like this:

Related Posts

Leave a ReplyCancel reply

Share this:

Like this:

Related Posts

Leave a ReplyCancel reply