CVERadar

CVE-2024-54756

Critical Severity

SVRS: 84/100
CVSSv3: 9.8/10
EPSS: 0.00268/1

CVE-2024-54756 is a critical remote code execution (RCE) vulnerability found in ZDoom Team GZDoom v4.13.1. This flaw allows attackers to execute arbitrary code on a victim's system. The vulnerability resides within the ZScript function, and is triggered by supplying a specially crafted PK3 file.

Attackers can exploit this by including a malicious ZScript source file within the crafted PK3, allowing them to take complete control of the affected system. With a high SOCRadar Vulnerability Risk Score (SVRS) of 84, CVE-2024-54756 is considered a critical threat requiring immediate action. This vulnerability is particularly dangerous due to its potential for widespread exploitation and the severity of its impact, making it a high-priority concern for anyone using ZDoom Team GZDoom v4.13.1.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-02-20

2025-02-21

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Ajit Jasrotia, 2025-02-24
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma | Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection. Let these stories spark your interest and help you understand the changing […] The post ⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse
allhackernews.com
[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript
2025-02-16
[CVE-2024-54756] GZDoom. Posted by Gabriel Valachi via Fulldisclosure on Feb 15. In GZDoom 4.13.1 and below, there is a vulnerability involving array sizes in ZScript, the game engine's primary scripting language. It is possible to dynamically allocate an array of 1073741823 dwords, permitting access to the rest of the heap from the start of the array and causing a second array declared in the same function to overlap with this huge array. The
seclists.org
CVE-2024-54756 | GZDoom up to 4.13.1 ZScript memory corruption
vuldb.com, 2025-02-16
CVE-2024-54756 | GZDoom up to 4.13.1 ZScript memory corruption | A vulnerability was found in GZDoom up to 4.13.1. It has been classified as critical. Affected is an unknown function of the component ZScript. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-54756. Access to the local network is required for this attack to succeed. Furthermore, there is an
vuldb.com

Social Media

CVE-2024-54756 02/20/2025 11:15:10 PM A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a craf... https://t.co/bIit2FqeBp
CVE-2024-54756 A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK… https://t.co/zuvUGElC2l

Affected Software

No affected software found for this CVE

References

Reference | Link
AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2025/Feb/11
[email protected] | https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC
[email protected] | https://seclists.org/fulldisclosure/2025/Feb/11
GITHUB | https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC
GITHUB | https://seclists.org/fulldisclosure/2025/Feb/11

CWE Details

No CWE details found for this CVE
