{"id":"UBUNTU-CVE-2020-14938","details":"An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.","modified":"2026-05-20T16:06:21.165682343Z","published":"2020-06-23T10:15:00Z","upstream":["CVE-2020-14938"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14938"},{"type":"REPORT","url":"https://bugs.freedroid.org/b/issue951"},{"type":"REPORT","url":"https://logicaltrust.net/blog/2020/02/freedroid.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-14938"}],"affected":[{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.15.1-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.15.1-1build1","binary_name":"freedroidrpg"},{"binary_version":"0.15.1-1build1","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.16.1-2build1","0.16.1-3"],"ecosystem_specific":{"binaries":[{"binary_version":"0.16.1-3","binary_name":"freedroidrpg"},{"binary_version":"0.16.1-3","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.16.1-5"],"ecosystem_specific":{"binaries":[{"binary_version":"0.16.1-5","binary_name":"freedroidrpg"},{"binary_version":"0.16.1-5","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.16.1-6"],"ecosystem_specific":{"binaries":[{"binary_version":"0.16.1-6","binary_name":"freedroidrpg"},{"binary_version":"0.16.1-6","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0-1","1.0-1build1","1.0-1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0-1build2","binary_name":"freedroidrpg"},{"binary_version":"1.0-1build2","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0-1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0-1build2","binary_name":"freedroidrpg"},{"binary_version":"1.0-1build2","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}},{"package":{"name":"freedroidrpg","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/freedroidrpg?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.0-1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.0-1build2","binary_name":"freedroidrpg"},{"binary_version":"1.0-1build2","binary_name":"freedroidrpg-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-14938.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}