VYPR

FreedroidRPG

by FreedroidRPG

CVEs (2)

  • CVE-2020-14938CriJun 23, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.

  • CVE-2020-14939HigJun 23, 2020
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.