CVE-2024-54756

Name of the Vulnerable Software and Affected Versions GZDoom version 4.13.1

Description A remote code execution vulnerability in the ZScript function of GZDoom allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file.

Recommendations For GZDoom version 4.13.1, consider disabling the ZScript function until a patch is available to prevent exploitation. Restrict access to the ZScript source files to minimize the risk of malicious code execution. Avoid using crafted PK3 files that may contain malicious ZScript source files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.