CVE-2024-54756 Information

Description

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file.

Reference

http://seclists.org/fulldisclosure/2025/Feb/11 https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC https://seclists.org/fulldisclosure/2025/Feb/11