Posted by Ron E on Aug 18

A crafted RPG Maker save file (`.lsd`) can trigger an integer overflow in
liblcf’s lcfstrings compressed integer decoding logic
(`LcfReader::ReadInt()`), resulting in an unbounded shift and accumulation
loop. The overflowed value is later used in buffer size allocations and
structure parsing, causing large memory access requests and parsing errors.

*Steps to Reproduce*
1. Use the attached `.lsd` file (see PoC section).
2. Run: `./lcfstrings…
 –  Read More  – Full Disclosure 
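
A bounded decoder for the kind of compressed integer the post describes, as an added example that is not part of the original post and is not liblcf's code. It assumes 7-bit groups, most significant first, with the high bit as a continuation flag; the names `decode_compressed_int` and `length_fits` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>

// Result of decoding one compressed integer from a byte buffer.
struct Decoded {
    uint32_t value;   // decoded integer
    size_t consumed;  // number of input bytes used
};

// Decode an integer stored as 7-bit groups, most significant group first,
// where a set high bit means "another byte follows" (assumed encoding).
// Returns std::nullopt on truncated input, on more than max_bytes groups,
// or when the value would not fit in 32 bits.
std::optional<Decoded> decode_compressed_int(const uint8_t* buf, size_t len) {
    constexpr size_t max_bytes = 5;  // ceil(32 / 7) groups cover 32 bits
    uint32_t value = 0;
    for (size_t i = 0; i < len && i < max_bytes; ++i) {
        // Reject before shifting if the top 7 bits are already occupied,
        // so the accumulation can never silently wrap.
        if (value >> 25) return std::nullopt;
        value = (value << 7) | (buf[i] & 0x7Fu);
        if ((buf[i] & 0x80u) == 0) return Decoded{value, i + 1};
    }
    return std::nullopt;  // input ended or the continuation bit never cleared
}

// Check a decoded length against the bytes actually left in the input
// before it is used for an allocation or a read.
bool length_fits(uint32_t claimed, size_t remaining) {
    return claimed <= remaining;
}

int main() {
    const uint8_t sample[] = {0x81, 0x00};  // constructed input: encodes 128
    auto r = decode_compressed_int(sample, sizeof sample);
    std::printf("%s\n", r ? "decoded" : "rejected");
    return r && r->value == 128 ? 0 : 1;
}
```
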