Vulnerabilities (CVE)

Filtered by vendor Freedroid Subscribe
Filtered by product Freedroidrpg
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-14939 1 Freedroid 1 Freedroidrpg 2024-02-04 6.8 MEDIUM 7.8 HIGH
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.
CVE-2020-14938 1 Freedroid 1 Freedroidrpg 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.