← Back

Wesnoth

wesnoth

Vendor: Wesnoth • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2009-0878
1Wesnoth
1Wesnoth
Apr 23, 2026
Mar 12, 2009
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
CVE-2009-0366
1Wesnoth
1Wesnoth
Apr 23, 2026
Mar 12, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
CVE-2009-0367
1Wesnoth
1Wesnoth
Apr 23, 2026
Mar 5, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical...Show more
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.Show less
CVE-2007-6201
1Wesnoth
1Wesnoth
Apr 23, 2026
Dec 1, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related...Show more
Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.Show less
CVE-2007-5742
1Wesnoth
1Wesnoth
Apr 23, 2026
Dec 1, 2007
N/A· v4
N/A· v3
9.0 HIGH· v2
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
CVE-2007-3917
1Wesnoth
1Wesnoth
Apr 23, 2026
Oct 11, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string...Show more
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.Show less