Debian Flightgear vulnerabilities

6 known vulnerabilities affecting debian/flightgear.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, LOW 3

Vulnerabilities

CVE-2025-0781 | HIGH | CVSS 8.6 | fixed in flightgear 1:2020.3.16+dfsg-1+deb12u1 (bookworm) | 2025
CVE-2025-0781 [HIGH] flightgear: An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level. Scope: local. bookworm: resolved (fixed in 1:2020.3.16+dfsg-1+deb12u1); bullseye: resolved (fixed in 1:2020.3.6+dfsg-1+deb11u1); forky: resolved (fixed in 1:2020.3.19+dfsg-1); sid: resolved (fixed in 1:2020.
debian
CVE-2017-8921 | HIGH | CVSS 7.5 | fixed in flightgear 1:2016.4.4+dfsg-3 (bookworm) | 2017
CVE-2017-8921 [HIGH] flightgear: In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal
debian
CVE-2017-13709 | LOW | CVSS 7.5 | fixed in flightgear 1:2017.2.1+dfsg-4 (bookworm) | 2017
CVE-2017-13709 [HIGH] flightgear: In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. Scope: local. bookworm: resolved (fixed in 1:2017.2.1+dfsg-4); bullseye: resolved (fixed in 1:2017.2.1+dfsg-4); forky: resolved (fixed in 1:2017.2.1+dfsg-4); sid: resolved (fixed in 1:2
debian
CVE-2016-9956 | HIGH | CVSS 7.5 | fixed in flightgear 1:2016.4.3+dfsg-1 (bookworm) | 2016
CVE-2016-9956 [HIGH] flightgear: The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. Scope: local. bookworm: resolved (fixed in 1:2016.4.3+dfsg-1); bullseye: resolved (fixed in 1:2016.4.3+dfsg-1); forky: resolved (fixed in 1:2016.4.3+dfsg-1); sid: resolved (fixed in 1:2016.4.3+dfsg-1); trixie: resolved (fixed in 1:2016.4.3+dfsg
debian
CVE-2012-2091 | LOW | CVSS 9.3 | fixed in flightgear 2.6.0-1.1 (bookworm) | 2012
CVE-2012-2091 [CRITICAL] flightgear: Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSoc
debian
CVE-2012-2090 | LOW | CVSS 9.3 | fixed in flightgear 2.6.0-1.1 (bookworm) | 2012
CVE-2012-2090 [CRITICAL] flightgear: Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/g
debian