CVE-2020-14939

Name of the Vulnerable Software and Affected Versions FreedroidRPG version 1.0rc2

Description An issue in the savestruct internal.c file allows saved game files, which are composed of Lua scripts, to be modified and execute arbitrary Lua code while loading, leading to arbitrary code execution.

Recommendations For FreedroidRPG version 1.0rc2, consider restricting the execution of Lua scripts from saved game files until a patch is available. As a temporary workaround, avoid loading saved game files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.