Gnu · Gnu Chess · CVE-2021-30184
**Name of the Vulnerable Software and Affected Versions**
GNU Chess version 6.2.7
**Description**
The issue allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the `cmd_pgnload` and `cmd_pgnreplay` functions in frontend/cmd.cc.
**Recommendations**
For GNU Chess version 6.2.7, as a temporary workaround, consider disabling the `cmd_pgnload` and `cmd_pgnreplay` functions until a patch is available. Restrict access to the .tmp.epd temporary file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
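
The bug class in the description, data read back from a temporary file into a fixed-size buffer, handled defensively in C. This is an added example, not GNU Chess code: the helper name `build_setboard_cmd`, the `CMD_MAX` size, the `setboard ` prefix and the `/tmp/epd-XXXXXX` path are assumptions for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkstemp, fdopen */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CMD_MAX 128   /* assumed size of the fixed command buffer */

/* Hypothetical helper: round-trip an EPD line through a temp file and build
 * "setboard <epd>" in out. Returns 0 on success, -1 if the data does not fit;
 * over-long input is rejected, never truncated or copied unbounded. */
int build_setboard_cmd(const char *epd, char out[CMD_MAX])
{
    char path[] = "/tmp/epd-XXXXXX";  /* mkstemp: unpredictable name, mode 0600 */
    char line[CMD_MAX];
    size_t n;
    int w, rc = -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    FILE *f = fdopen(fd, "w+");
    if (!f) { close(fd); unlink(path); return -1; }

    if (fputs(epd, f) == EOF || fputc('\n', f) == EOF) goto done;
    rewind(f);
    if (!fgets(line, sizeof line, f)) goto done;     /* bounded read */
    n = strlen(line);
    if (n == 0 || line[n - 1] != '\n') goto done;    /* no newline: line too long */
    line[n - 1] = '\0';
    w = snprintf(out, CMD_MAX, "setboard %s", line); /* bounded concatenation */
    if (w < 0 || w >= CMD_MAX) goto done;            /* would not fit: reject */
    rc = 0;
done:
    fclose(f);
    unlink(path);
    return rc;
}

int main(void)
{
    char out[CMD_MAX], big[301];
    /* Constructed inputs: the standard start position and an over-long line. */
    memset(big, 'A', 300); big[300] = '\0';
    printf("%d\n", build_setboard_cmd("rnbqkbnr/pppppppp/8/8/8/8/PPPPPPPP/RNBQKBNR w KQkq -", out));
    printf("%d\n", build_setboard_cmd(big, out));
    return 0;
}
```

Both length checks matter: the first catches a line longer than the read buffer, the second catches a line that fits on its own but not once the command prefix is added.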