Vulnerability Description
A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Idsoftware | Tech 1 | - |
| Doom Vanille Project | Doom Vanille | < 671 |
Related Weaknesses (CWE)
References
- https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabPatchThird Party Advisory
- https://twitter.com/notrevenant/status/1268654123903340544Third Party Advisory
- https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabPatchThird Party Advisory
- https://twitter.com/notrevenant/status/1268654123903340544Third Party Advisory
FAQ
What is CVE-2020-15007?
CVE-2020-15007 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of chara...
How severe is CVE-2020-15007?
CVE-2020-15007 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-15007?
Check the references section above for vendor advisories and patch information. Affected products include: Idsoftware Tech 1, Doom Vanille Project Doom Vanille.