The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth prior to 1.12.3 and 1.13.x prior to 1.13.1 allow remote malicious users to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wesnoth battle for wesnoth |
||
wesnoth battle for wesnoth 1.13.0 |
||
fedoraproject fedora 21 |
||
fedoraproject fedora 22 |