{"id":"CVE-2006-2875","details":"Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.","modified":"2026-01-27T04:06:35.388673Z","published":"2006-06-07T00:02:00Z","withdrawn":"2026-01-27T04:06:35.388673Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/20401"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/2129"},{"type":"WEB","url":"http://aluigi.altervista.org/adv/q3cbof-adv.txt"},{"type":"WEB","url":"http://securitytracker.com/id?1016219"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/435963/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/18271"}],"schema_version":"1.7.3"}