[原文]Integer overflow in RealArcade 18.104.22.1684 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow.
RealArcade contains an integer overflow condition in the handling of RGS files that is triggered as the 32 bit values specifying the size of a text strings containing a GUID and name of a game to install are not properly verified. With a specially crafted RGS file, a context-dependent attacker can cause a stack-based buffer overflow, potentially allowing the execution of arbitrary code.
RealArcade seems to have been superseded by the GameHouse RealArcade Installer. It is not clear when this vulnerability was addressed, but it is not present in GameHouse RealArcade Installer version 22.214.171.1241, which does not support RGS files.