{"url":"http://public2.vulnerablecode.io/api/packages/95591?format=json","purl":"pkg:deb/debian/freedroidrpg@0.16.1-6?distro=sid","type":"deb","namespace":"debian","name":"freedroidrpg","version":"0.16.1-6","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.0-1","latest_non_vulnerable_version":"1.0+ds-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68755?format=json","vulnerability_id":"VCID-64y6-vvqy-cqhp","summary":"An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14938","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66602","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66643","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6665","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66635","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6662","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66637","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14938","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14938"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964197","reference_id":"964197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95592?format=json","purl":"pkg:deb/debian/freedroidrpg@1.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freedroidrpg@1.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/95593?format=json","purl":"pkg:deb/debian/freedroidrpg@1.0%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freedroidrpg@1.0%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-14938"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64y6-vvqy-cqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68758?format=json","vulnerability_id":"VCID-tkgp-d7pn-aqad","summary":"An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14939","reference_id":"","reference_type":"","scores":[{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58718","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.5871","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00363","scoring_system":"epss","scoring_elements":"0.58695","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14939"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964197","reference_id":"964197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964197"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95592?format=json","purl":"pkg:deb/debian/freedroidrpg@1.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freedroidrpg@1.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/95593?format=json","purl":"pkg:deb/debian/freedroidrpg@1.0%2Bds-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freedroidrpg@1.0%252Bds-1%3Fdistro=sid"}],"aliases":["CVE-2020-14939"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkgp-d7pn-aqad"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/freedroidrpg@0.16.1-6%3Fdistro=sid"}