VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 29, 2019· Updated Aug 5, 2024

CVE-2019-15767

CVE-2019-15767

Description

In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

Root cause

"A stack-based buffer overflow occurs in the cmd_load function due to improper handling of file input."

Attack vector

An attacker can trigger this vulnerability by providing a crafted EPD file to the `cmd_load` function. The vulnerability occurs when the filename is too long and lacks newline characters, causing the copying loop to overflow the `data` buffer. This overflow can corrupt the stack, potentially overwriting the base pointer and return address [ref_id=1].

Affected code

The vulnerability resides in the `cmd_load` function located in the file `frontend/cmd.cc`. Specifically, lines 318-322 contain the problematic `while` loop that copies data from the loaded file to a buffer without proper bounds checking against null terminators [ref_id=1].

What the fix does

The patch modifies the `cmd_load` function to correctly handle the termination condition of the copying loop. Instead of solely relying on newline characters, the loop now also checks for null terminators, preventing the buffer overflow. This ensures that data is copied safely without exceeding the allocated buffer size [ref_id=1].

Preconditions

  • inputThe attacker must provide a crafted EPD file with a filename that is too long and lacks newline characters.

Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.