Red Hat Bugzilla – Bug 239213
CVE-2007-2500: gnash arbitrary code execution
Last modified: 2007-11-30 17:12:04 EST
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2
allows remote attackers to execute arbitrary code via a large number of
SHOWFRAME elements within a DEFINESPRITE element, which triggers memory
corruption and enables the attacker to call free with an arbitrary address,
probably resultant from a buffer overflow."
Next release is due soon. I asked the list about a patch and whether
it was fixed in HEAD.
Thanks for the report.
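For triage of SWF files against the condition in the CVE description above, a bounds-checked walk of a DEFINESPRITE body can count its SHOWFRAME records. This is an added example, not gnash code and not the upstream patch. It assumes the useful invariant is that a sprite carries no more SHOWFRAME records than its FrameCount field declares (the report does not say which bound gnash exceeded); the names `SpriteAudit`, `audit_sprite` and `make_sprite` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added example. Assumption: SHOWFRAME count should not exceed declared FrameCount.
struct SpriteAudit {
    bool well_formed;      // false if a record runs past the buffer or END is missing
    uint16_t declared;     // FrameCount field from the sprite header
    uint32_t showframes;   // SHOWFRAME records actually present
    bool suspicious() const { return !well_formed || showframes > declared; }
};

static uint16_t rd16(const uint8_t* p) { return uint16_t(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// body = bytes of a DEFINESPRITE tag after its record header:
// UI16 SpriteID, UI16 FrameCount, then control tags terminated by END (code 0).
SpriteAudit audit_sprite(const std::vector<uint8_t>& body) {
    SpriteAudit r{false, 0, 0};
    if (body.size() < 4) return r;
    r.declared = rd16(&body[2]);
    size_t pos = 4;
    while (body.size() - pos >= 2) {
        uint16_t hdr = rd16(&body[pos]);
        pos += 2;
        uint32_t code = hdr >> 6, len = hdr & 0x3F;
        if (len == 0x3F) {                        // long header: UI32 length follows
            if (body.size() - pos < 4) return r;
            len = rd32(&body[pos]);
            pos += 4;
        }
        if (len > body.size() - pos) return r;    // record overruns the sprite body
        if (code == 0) { r.well_formed = true; return r; }   // END
        if (code == 1) ++r.showframes;                        // SHOWFRAME
        pos += len;
    }
    return r;  // ran out of data before END
}

// Constructed sample: sprite 1 declaring `declared` frames, holding `actual` SHOWFRAME tags.
std::vector<uint8_t> make_sprite(uint16_t declared, unsigned actual) {
    std::vector<uint8_t> b = {1, 0, uint8_t(declared & 0xFF), uint8_t(declared >> 8)};
    for (unsigned i = 0; i < actual; ++i) { b.push_back(0x40); b.push_back(0x00); }
    b.push_back(0); b.push_back(0);  // END
    return b;
}
```

A sprite for which `suspicious()` returns true is worth rejecting or quarantining before it reaches a player build that predates the fix.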