Vulnerability Details CVE-2020-15007
A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-15007
-
cpe:2.3:a:doom_vanille_project:doom_vanille:666
-
cpe:2.3:a:doom_vanille_project:doom_vanille:667
-
cpe:2.3:a:doom_vanille_project:doom_vanille:668
-
cpe:2.3:a:doom_vanille_project:doom_vanille:669
-
cpe:2.3:a:doom_vanille_project:doom_vanille:670
-
cpe:2.3:a:idsoftware:tech_1:-