CVE-2020-15007

Published: Jun 24, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.

Affected (2)

Products: Idsoftware: Tech 1 · Doom Vanille Project: Doom Vanille

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Idsoftware Tech 1	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Doom Vanille Project Doom Vanille	Before 671

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (4)

https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec

Source: cve@mitre.org

PatchThird Party Advisory

https://twitter.com/notrevenant/status/1268654123903340544

Source: cve@mitre.org

Third Party Advisory

https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://twitter.com/notrevenant/status/1268654123903340544

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.