Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
Summary: CVE-2007-2500: gnash arbitrary code execution Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: gnash AssignedTo: pertusus@free.fr ReportedBy: ville.skytta@iki.fi QAContact: extras-qa@fedoraproject.org CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow."
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2500: gnash arbitrary code execution
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
------- Additional Comments From pertusus@free.fr 2007-05-09 04:15 EST ------- Next release is due soon. I asked the list about a patch and whether it was fixed in HEAD.
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: CVE-2007-2500: gnash arbitrary code execution
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
pertusus@free.fr changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.7.2-2
------- Additional Comments From pertusus@free.fr 2007-05-12 16:00 EST ------- Thanks for the report.
security@lists.fedoraproject.org