Linux Gaming News

OpenTTD vulnerabilities could allow remote code execution

The OpenTTD developers have discovered three security issues in the open source game based on Microprose’s Transport Tycoon Deluxe. One issue, a buffer overflow in save games, makes it possible to crash the game and possibly cause the execution of arbitrary code; the bug has been present since version 0.1.0.

In another issue, improperly validated commands from the server can create a denial of service. The third issue involves buffer overflows when validating external data read from the local filesystem; this could lead to arbitrary code execution. All three bugs are due to be fixed in an upcoming 1.1.3 release; a release candidate for that version is available. OpenTTD is licensed under the GPLv2.

You Might Also Like

%d bloggers like this: