PatchSiren

Panda3D CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Panda3D CVE published 2026-01-07

CVE-2026-22190

A format string vulnerability exists in the egg-mkfont utility distributed with Panda3D, a 3D game engine developed by Carnegie Mellon University. The vulnerability affects versions up to and including 1.10.16. The -gp (glyph pattern) command-line option is passed directly to sprintf() as a format string with only a single argument supplied. An attacker who can control this input may inject additional for [truncated]

MEDIUM Panda3D CVE published 2026-01-07

CVE-2026-22189

A stack-based buffer overflow vulnerability exists in the egg-mkfont utility of Panda3D, a game engine and 3D rendering framework developed by Carnegie Mellon University. The vulnerability stems from an unbounded sprintf() call when processing user-supplied glyph patterns (-gp parameter), allowing an attacker to overflow a fixed-size stack buffer through an excessively long input string. This results in m [truncated]

MEDIUM Panda3D CVE published 2026-01-07

CVE-2026-22188

Panda3D's deploy-stub component (≤1.10.16) is vulnerable to denial of service via unbounded stack allocation. The component uses `alloca()` to create `argv_copy` and `argv_copy2` arrays sized directly by attacker-controlled `argc` without validation. A large number of command-line arguments exhausts stack space, causing crash and undefined behavior during Python interpreter initialization. ## T [truncated]