An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14938
Reference (s):
- https://bugs.freedroid.org/b/issue951
- https://logicaltrust.net/blog/2020/02/freedroid.html