GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

References:
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
Created gnuchess tracking bugs for this issue:

Affects: epel-7 [bug 1947595]
Affects: fedora-all [bug 1947594]
The affected code appeared in multiple functions: cmd_load(), cmd_pgnload(), and cmd_pgnreplay(). It seems it was first introduced in gnuchess version 6.0: the latest version 5.08 tagged in the upstream CVS repo does not have them yet, and they are included in the initial import to the upstream SVN repo. The cmd_load() case was previously fixed via: http://svn.savannah.gnu.org/viewvc/chess?view=revision&revision=182 The other two cases are not yet fixed upstream.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-30184