A buffer overflow vulnerability is reported to exist in LTris. The flaw is due to insufficient boundary checks when high-score data is read from the global (system-wide) LTris high-score file. Because that file is shared between users, a local attacker who can write malformed entries to it may be able to trigger the overflow when another user (or a privileged LTris process) loads the file, potentially gaining the privileges LTris runs with.
LTris versions prior to version 1.0.9 are reported prone to this issue.
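The pattern behind this class of bug is a high-score reader that trusts a world-writable file: a name field copied into a fixed-size buffer with no width limit, and entries appended to a fixed-size table with no count limit. The following is an added illustration, not LTris's own code, and the file format, field widths (a 16-byte name, a 64-byte line, a 3-entry table) and function names are assumptions made for the example. It shows the unsafe `sscanf("%s")` pattern for contrast and a hardened reader that bounds the name, validates the score, and stops at the table's capacity; the sample file contents are constructed inline.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* hypothetical fixed-size name field (15 chars + NUL) */
#define MAX_LINE 64   /* hypothetical longest line we are willing to parse */

struct hiscore {
    char name[NAME_LEN];
    long score;
};

/* Vulnerable pattern, shown for contrast only: "%s" has no width limit, so a
 * name longer than NAME_LEN - 1 bytes in the shared file overruns entry->name.
 * Never call this on untrusted input. */
int read_entry_unsafe(const char *line, struct hiscore *entry)
{
    return sscanf(line, "%s %ld", entry->name, &entry->score) == 2;
}

/* Hardened reader: returns 1 and fills *entry on a well-formed "name score"
 * line, 0 on anything else (empty/oversized name, bad or negative score,
 * trailing garbage). Oversized names are rejected, not silently truncated. */
int read_entry_safe(const char *line, struct hiscore *entry)
{
    size_t n = strcspn(line, " \t\r\n");           /* length of the name token */
    if (n == 0 || n >= NAME_LEN)                    /* must fit with its NUL */
        return 0;
    memcpy(entry->name, line, n);
    entry->name[n] = '\0';

    const char *p = line + n;                       /* whitespace or end of line */
    char *end;
    errno = 0;
    long v = strtol(p, &end, 10);                   /* strtol skips leading spaces */
    if (end == p || errno == ERANGE || v < 0)       /* no digits, overflow, negative */
        return 0;
    while (isspace((unsigned char)*end))            /* only whitespace may follow */
        end++;
    if (*end != '\0')
        return 0;

    entry->score = v;
    return 1;
}

/* Load entries from the file contents in `data` into `table`, never writing
 * past max_entries. Over-long or malformed lines are skipped. Returns the
 * number of entries stored. */
size_t load_hiscores(const char *data, struct hiscore *table, size_t max_entries)
{
    size_t count = 0;
    const char *p = data;
    while (*p != '\0' && count < max_entries) {     /* capacity check bounds the table */
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[MAX_LINE];
        if (len < sizeof line) {                    /* length check bounds the line buffer */
            memcpy(line, p, len);
            line[len] = '\0';
            if (read_entry_safe(line, &table[count]))
                count++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return count;
}

int main(void)
{
    /* Constructed high-score file: one good entry, one over-long name that
     * would overflow the unsafe reader, then more entries than the table holds. */
    const char *file =
        "alice 1200\n"
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 99999\n"
        "bob 900\n"
        "carol 800\n"
        "dave 700\n";
    struct hiscore table[3];
    size_t n = load_hiscores(file, table, 3);
    for (size_t i = 0; i < n; i++)
        printf("%-15s %ld\n", table[i].name, table[i].score);
    return 0;
}
```

The two checks that matter are the `n >= NAME_LEN` test before the `memcpy` and the `count < max_entries` condition on the loop; the `sscanf` variant has neither, and a world-writable high-score file is exactly the input an attacker controls.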
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
The vendor has addressed this vulnerability and fixes are available:
Gentoo has released an advisory (GLSA 200503-24) and an updated ebuild to address this vulnerability. Gentoo users running the affected package can apply the update by issuing the following command as root:
emerge --ask --oneshot --verbose ">=games-puzzle/ltris-1.0.10"