Posted by Ron E on Jan 05
A stack-based buffer overflow vulnerability exists in the Panda3D
egg-mkfont utility due to the use of an unbounded sprintf() call with
attacker-controlled input. By supplying an excessively long glyph pattern
string via the -gp command-line option, an attacker can trigger a stack
buffer overflow, resulting in a deterministic crash of the egg-mkfont
process.
*Technical Details:*
The vulnerability occurs when egg-mkfont constructs output glyph…
– Read More – Full Disclosure
