CVE-2003-1432
Unreal Engine 226f-436 - Denial of Service and Possible Remote Code Execution via Negative Size Value
Title source: llmDescription
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11302
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11305
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6772
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12012
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6770
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html
Scores
EPSS
0.0754
EPSS Percentile
93.8%
Details
CWE
CWE-189
CWE-94
Status
published
Products (7)
epic_games/unreal_engine
226f
epic_games/unreal_engine
433
epic_games/unreal_engine
436
epic_games/unreal_tournament_2003
2199_linux
epic_games/unreal_tournament_2003
2199_win32
epic_games/unreal_tournament_2003
demo_version_2206_linux
epic_games/unreal_tournament_2003
demo_version_2206_win32
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026