216.73.217.98

CVE-2025-34124

· Published 16/07/2025 22:15 · Modified 17/07/2025 21:15

Labels: CVE-2025-34124 2025-07-16CVE-2025-34124CWE-20[email protected]

Essential information

Published
16/07/2025 22:15
Modified
17/07/2025 21:15
Author
Creator
CVSS
8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that exploit object sprite name parsing logic. The vulnerability occurs during in-game map loading when a crafted object name causes a buffer overflow, potentially allowing arbitrary code execution. Exploitation requires the victim to open a malicious map file within the game.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
heroes of might and magic / heroes of might and magic iii complete cpe:2.3:a:heroes_of_might_and_magic:heroes_of_might_and_magic_iii_complete:4.0.0.0:*:*:*:*:*:*:*
heroes of might and magic / hd mod cpe:2.3:a:heroes_of_might_and_magic:hd_mod:3.808:*:*:*:*:*:*:*
heroes of might and magic / demo cpe:2.3:a:heroes_of_might_and_magic:demo:1.0.0.0:*:*:*:*:*:*:*

References