VYPR
Low severity3.1NVD Advisory· Published Sep 26, 2017· Updated Jun 17, 2026

CVE-2015-5070

CVE-2015-5070

Description

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • cpe:2.3:a:wesnoth:battle_for_wesnoth:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:wesnoth:battle_for_wesnoth:*:*:*:*:*:*:*:*range: <=1.12.2
    • cpe:2.3:a:wesnoth:battle_for_wesnoth:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • Wesnoth/Wesnothllm-fuzzy
    Range: <1.12.4, <1.13.1
  • Range: <1.12.4, <1.13.1

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.