Gnu Chess vulnerabilities

CVE-2021-30184 [HIGH] CWE-120 CVE-2021-30184: GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

CVE-2019-15767 [HIGH] CWE-787 CVE-2019-15767: In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd. In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.

CVE-2015-8972 [CRITICAL] CWE-119 CVE-2015-8972: Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuch Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.

CVE-2002-0204 [HIGH] CVE-2002-0204: Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacit Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command.