PT-2026-2163 · Panda3D · Panda3D

Ron Edgerson · Published 2026-01-07 · Updated 2026-05-26 · CVE-2026-22189

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Panda3D versions up to and including 1.10.16

Description

The software contains a stack-based buffer overflow issue because of the use of an unbounded sprintf() call with input controlled by an attacker. When creating glyph filenames, the software formats a glyph pattern supplied by the user (-gp) into a fixed-size stack buffer without validating the length. Providing a glyph pattern string that is too long can cause the stack buffer to overflow, leading to memory corruption and a crash. Depending on the build configuration and execution environment, this overflow may also allow for arbitrary code execution.

Recommendations

Versions prior to 1.10.16 are not affected. Versions up to and including 1.10.16 are affected.
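
The bug class described above, with a bounded replacement that rejects oversized input instead of truncating it. This is an added example, not Panda3D's code or its fix. The function name `make_glyph_filename`, the 64-byte buffer size and the `<pattern>_<index>.png` layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define GLYPH_NAME_MAX 64  /* assumed buffer size; the advisory gives no number */

/* Pattern the advisory describes (unbounded write into a fixed stack buffer):
 *     char name[GLYPH_NAME_MAX];
 *     sprintf(name, "%s_%d.png", pattern, index);   // no length check
 */

/* Hardened form: returns 0 on success, -1 if the input is rejected.
 * The "<pattern>_<index>.png" layout is an assumption made for this example. */
int make_glyph_filename(char *out, size_t out_size,
                        const char *pattern, int index)
{
    if (out == NULL || out_size == 0 || pattern == NULL)
        return -1;

    /* snprintf never writes more than out_size bytes and returns the length
     * the full string would have had, which lets us detect truncation. */
    int n = snprintf(out, out_size, "%s_%d.png", pattern, index);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';          /* do not hand back a truncated name */
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[GLYPH_NAME_MAX];
    char long_pattern[4 * GLYPH_NAME_MAX];   /* constructed oversized input */

    memset(long_pattern, 'A', sizeof long_pattern - 1);
    long_pattern[sizeof long_pattern - 1] = '\0';

    printf("short: rc=%d name=%s\n",
           make_glyph_filename(name, sizeof name, "glyph", 7), name);
    printf("long:  rc=%d name=\"%s\"\n",
           make_glyph_filename(name, sizeof name, long_pattern, 7), name);
    return 0;
}
```

Failing closed on truncation matters here because a silently shortened filename could collide with or overwrite a different glyph file.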

Exploit

Fix

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers: CVE-2026-22189

Affected Products: Panda3D