CVE-2006-3324

EPSS 2.2%

Published: 6/30/2006Modified: 4/28/2026

Description

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Affected packages (1)

Debian/ioquake3from 0, < 1.36+svn1788j-1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-3324