CVE-2006-2875
EPSS 6.7%
Description
Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.
How to fix CVE-2006-2875
To remediate CVE-2006-2875, upgrade the affected package to a fixed version below.
- Debian/ioquake3—upgrade to 1.36+svn1788j-1 or later
Is CVE-2006-2875 being exploited?
Moderate — EPSS is 6.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.36+svn1788j-1