CVE-2007-4644

Name of the Vulnerable Software and Affected Versions: Doomsday versions 1.9.0-beta5.1 and earlier

Description: The issue is related to a format string vulnerability in the Cl GetPackets function. This vulnerability allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV CONSOLE TEXT message.

Recommendations: For Doomsday versions 1.9.0-beta5.1 and earlier, consider disabling the Cl GetPackets function until a patch is available. Restrict access to the client in Doomsday to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.