FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

id Tech 3 -- remote code execution vulnerability

Affected packages
ioquake3 < 1.36_16
ioquake3-devel < g2930
iourbanterror < 4.3.2,1
openarena < 0.8.8.s1910_3,1


VuXML ID e48355d7-1548-11e7-8611-0090f5f2f347
Discovery 2017-03-14
Entry 2017-04-07

The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks.


CVE Name CVE-2017-6903