PT-2021-17150 · Unknown+4 · Godot Engine+4

Hpvb · Published 2021-02-08 · Updated 2025-06-18 · CVE-2021-26825

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Godot Engine versions up to v3.2
Description: An integer overflow issue exists in the Godot Engine that can be triggered when loading specially crafted .TGA image files. The issue is located in the ImageLoaderTGA::load_image() function and leads to a dynamic stack buffer overflow. Depending on the application context, the attack vector can be local or remote, potentially resulting in code execution and/or system crash.
Recommendations: For Godot Engine versions up to v3.2, consider disabling the ImageLoaderTGA::load_image() function when loading .TGA image files to minimize the risk of exploitation until a patch is available. Restrict the loading of .TGA files from untrusted sources to reduce the risk of remote attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Integer Overflow

Related Identifiers

ALT-PU-2025-5969
CVE-2021-26825
OPENSUSE-SU-2024:10813-1
OPENSUSE-SU-2024:12761-1
USN-7579-1

Affected Products

Alt Linux
Debian
Godot Engine
Linuxmint
Ubuntu