CVE-2015-0844
Battle for Wesnoth <1.12.2 - Unauthenticated Arbitrary File Read via Crafted File
Title source: llmDescription
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
References (6)
Core 6
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3218
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html
Vendor Advisory x_refsource_confirm
http://forums.wesnoth.org/viewtopic.php?t=41872
Vendor Advisory x_refsource_confirm
http://forums.wesnoth.org/viewtopic.php?t=41870
Scores
EPSS
0.0232
EPSS Percentile
81.4%
Details
CWE
CWE-200
Status
published
Products (50)
fedoraproject/fedora
20
fedoraproject/fedora
21
fedoraproject/fedora
22
wesnoth/battle_for_wesnoth
1.7.0
wesnoth/battle_for_wesnoth
1.7.1
wesnoth/battle_for_wesnoth
1.7.2
wesnoth/battle_for_wesnoth
1.7.3
wesnoth/battle_for_wesnoth
1.7.4
wesnoth/battle_for_wesnoth
1.7.5
wesnoth/battle_for_wesnoth
1.7.6
... and 40 more
Published
Apr 14, 2015
Tracked Since
Feb 18, 2026