VYPR

Doom 3 engine

by ID Software

CVEs (2)

  • CVE-2007-5248Oct 6, 2007
    risk 0.04cvss epss 0.07

    Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2020-15007Jun 24, 2020
    risk 0.00cvss epss 0.02

    A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.