[Bug 239213] New: CVE-2007-2500: gnash arbitrary code execution

6 May 2007


      Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
Summary: CVE-2007-2500: gnash arbitrary code execution
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: gnash
        AssignedTo: pertusus@free.fr
        ReportedBy: ville.skytta@iki.fi
         QAContact: extras-qa@fedoraproject.org
                CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2
allows remote attackers to execute arbitrary code via a large number of
SHOWFRAME elements within a DEFINESPRITE element, which triggers memory
corruption and enables the attacker to call free with an arbitrary address,
probably resultant from a buffer overflow."
-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Bug 239213] New: CVE-2007-2500: gnash arbitrary code execution