17 matches found
CVE-2025-54065
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
CVE-2025-54065
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
CVE-2025-54065
GZDoom (versions 4.14.2 and earlier) is affected. In ZScript actor state handling, scripts can read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted FState and VMFunction structures. A script can copy FState structures into a writa...
CVE-2025-54065
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
EUVD-2025-201101
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
CVE-2025-54065 GZDoom engine allows arbitrary code execution via ZScript actor states
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
GZDoom 安全漏洞
GZDoom is a feature-centered port of the ZDoom open source for all Doom engine games based on ZDoom. A security vulnerability exists in GZDoom 4.14.2 and earlier versions, which stems from improper handling of the ZScript actor state and could lead to the execution of arbitrary code...
PT-2025-48964
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted...
EUVD-2025-4457
Malicious code in bioql PyPI...
CVE-2024-54756
A remote code execution RCE vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file...
CVE-2024-54756
A remote code execution RCE vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file...
CVE-2024-54756
CVE-2024-54756 affects GZDoom v4.13.1 (ZDoom Team GZDoom). The vulnerability stems from the ZScript function parsing in PK3/WAD files, enabling remote code execution when a crafted PK3 containing malicious ZScript is loaded. Public writeups describe an exploit chain in ZScript involving an oversi...
GZDoom 安全漏洞
GZDoom is a ZDoom open source feature-centric port of all Doom engine games based on ZDoom. A security vulnerability exists in GZDoom version v4.13.1 that stems from improper parsing of malicious PK3 files by ZScript functions. An attacker exploiting this vulnerability could execute arbitrary cod...
CVE-2024-54756
A remote code execution RCE vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file...
PT-2025-7438 · Gzdoom · Gzdoom
Name of the Vulnerable Software and Affected Versions: GZDoom version 4.13.1 Description: A remote code execution vulnerability in the ZScript function of GZDoom allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file. Recommendations...
CVE-2024-54756
A remote code execution RCE vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file...