Several security issues were fixed in Godot Engine.

==========================================================================
Ubuntu Security Notice USN-7579-1
June 18, 2025

godot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Godot Engine.

Software Description:
- godot: Full 2D and 3D game engine with editor

Details:

It was discovered that the Godot Engine did not properly handle certain
malformed WebM media files. If the Godot Engine opened a specially crafted
WebM file, a remote attacker could cause a denial of service, or possibly
execute arbitrary code. (CVE-2019-2126)

It was discovered that the Godot Engine did not properly handle certain
malformed TGA image files. If the Godot Engine opened a specially crafted
TGA image file, a remote attacker could cause a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2021-26825, CVE-2021-26826)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  godot3                          3.6+ds-2ubuntu0.1
  godot3-runner                   3.6+ds-2ubuntu0.1

Ubuntu 24.10
  godot3                          3.5.2-stable-2ubuntu0.24.10.1
  godot3-runner                   3.5.2-stable-2ubuntu0.24.10.1

Ubuntu 24.04 LTS
  godot3                          3.5.2-stable-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro
  godot3-runner                   3.5.2-stable-2ubuntu0.24.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  godot3                          3.2.3-stable-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  godot3-runner                   3.2.3-stable-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  godot3                          3.2-stable-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  godot3-runner                   3.2-stable-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
References:
  https://ubuntu.com/security/notices/USN-7579-1
  CVE-2019-2126, CVE-2021-26825, CVE-2021-26826

Package Information:
  https://launchpad.net/ubuntu/+source/godot/3.6+ds-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/godot/3.5.2-stable-2ubuntu0.24.10.1

Multiple vulnerabilities have been addressed in Godot Engine impacting Ubuntu systems. Ensure your update is completed promptly to mitigate potential threats.

Severity: Important
LinuxSecurity.com Team
The package godot before version 3.2.3-2 is vulnerable to arbitrary code execution.

Arch Linux Security Advisory ASA-202103-26
==========================================

Severity: Medium
Date    : 2021-03-25
CVE-ID  : CVE-2021-26825 CVE-2021-26826
Package : godot
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1544

Summary
=======

The package godot before version 3.2.3-2 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 3.2.3-2.

# pacman -Syu "godot>=3.2.3-2"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2021-26825 (arbitrary code execution)

An integer overflow issue exists in Godot Engine version 3.2.3 that can
be triggered when loading specially crafted TGA image files. The
vulnerability exists in the ImageLoaderTGA::load_image() function in the
line "const size_t buffer_size = (tga_header.image_width *
tga_header.image_height) * pixel_size;" The bug leads to a dynamic stack
buffer overflow. Depending on the context of the application, the attack
vector can be local or remote, and can lead to code execution and/or a
system crash.

- CVE-2021-26826 (arbitrary code execution)

A stack overflow issue exists in Godot Engine version 3.2.3 and is
caused by improper boundary checks when loading TGA image files.
Depending on the context of the application, the attack vector can be
local or remote, and can lead to code execution and/or a system crash.

Impact
======

A remote attacker who is able to supply a crafted TGA file to a client
which subsequently gets loaded by the engine is able to execute
arbitrary code on the affected host.

References
==========

https://bugs.archlinux.org/task/70057
https://github.com/godotengine/godot/pull/45702
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
https://security.archlinux.org/CVE-2021-26825
https://security.archlinux.org/CVE-2021-26826

The Arch Linux Security Bulletin addresses medium severity risks associated with arbitrary code execution vulnerabilities found in 'godot'.

Severity: Medium
LinuxSecurity.com Team
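
The size computation quoted under CVE-2021-26825, worked through as an added example (not code from Godot or from either advisory): the first function models the quoted expression with every step confined to 32 bits, the second is a hardened form that widens before multiplying and rejects oversized images. The function names, the accepted pixel depths and the 256 MiB cap are assumptions of this example; the 16-bit width and height match the TGA header fields.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap on decoded image size; pick a limit that suits the application. */
#define TGA_MAX_DECODED_BYTES ((uint64_t)256 * 1024 * 1024)

/* Model of (width * height) * pixel_size with every step confined to 32 bits. */
static uint32_t tga_size_wrapped32(uint16_t width, uint16_t height, uint8_t pixel_depth) {
    uint32_t pixel_size = (uint32_t)(pixel_depth >> 3);
    return ((uint32_t)width * (uint32_t)height) * pixel_size; /* wraps modulo 2^32 */
}

/* Hardened form: validate header fields, widen before multiplying, enforce a cap. */
static bool tga_size_checked(uint16_t width, uint16_t height, uint8_t pixel_depth,
                             size_t *out) {
    if (width == 0 || height == 0)
        return false;
    /* Pixel depths accepted by this example (an assumption, not Godot's list). */
    if (pixel_depth != 8 && pixel_depth != 16 && pixel_depth != 24 && pixel_depth != 32)
        return false;
    /* 65535 * 65535 * 4 is below 2^64, so this product cannot wrap in uint64_t. */
    uint64_t total = (uint64_t)width * height * (uint64_t)(pixel_depth >> 3);
    if (total > TGA_MAX_DECODED_BYTES || total > SIZE_MAX)
        return false;
    *out = (size_t)total;
    return true;
}

int main(void) {
    size_t n = 0;
    /* Constructed header values, not taken from any real file. */
    printf("wrapped32(32768x32768, 32bpp) = %u bytes\n",
           (unsigned)tga_size_wrapped32(32768, 32768, 32));
    printf("checked(32768x32768, 32bpp)   = %s\n",
           tga_size_checked(32768, 32768, 32, &n) ? "accepted" : "rejected");
    if (tga_size_checked(640, 480, 24, &n))
        printf("checked(640x480, 24bpp)       = %zu bytes\n", n);
    return 0;
}
```

A loader that sizes its buffer from the wrapped value while decoding according to the header dimensions writes past the allocation, which is why the check has to happen before any buffer is created.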