Freedroid: >> Freedroidrpg >> 1.0 Security Vulnerabilities
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-06-23
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
CVSS Score
7.8
EPSS Score
0.004
Published
2020-06-23