PT-2020-14075 · Freedroidrpg Team+1 · Freedroidrpg+1

Michał Dardas · Published 2020-06-23 · Updated 2025-07-28 · CVE-2020-14938

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FreedroidRPG version 1.0rc2

Description

The issue arises because map.c assumes the lengths of data sets read from saved game files. Data is copied from the file into a fixed-size heap-allocated buffer without size verification, which leads to a heap-based buffer overflow.

Recommendations

For FreedroidRPG version 1.0rc2, consider restricting access to saved game files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the affected map.c functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-14938

Affected Products

Debian
Freedroidrpg