An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. References:

Created freedroidrpg tracking bugs….



Source link

You must be logged in to post a comment.