239213 – CVE-2007-2500: gnash arbitrary code execution

Bug 239213 - CVE-2007-2500: gnash arbitrary code execution

Summary: CVE-2007-2500: gnash arbitrary code execution

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnash
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Patrice Dumas
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-05-06 06:35 UTC by Ville Skyttä
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:	0.7.2-2
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-05-12 20:00:16 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ville Skyttä 2007-05-06 06:35:06 UTC

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500

"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2
allows remote attackers to execute arbitrary code via a large number of
SHOWFRAME elements within a DEFINESPRITE element, which triggers memory
corruption and enables the attacker to call free with an arbitrary address,
probably resultant from a buffer overflow."

Comment 1 Patrice Dumas 2007-05-09 08:15:55 UTC

Next release is due soon. I asked the list about a patch and whether 
it was fixed in HEAD.

Comment 2 Patrice Dumas 2007-05-12 20:00:16 UTC

Thanks for the report.

Note You need to log in before you can comment on or make changes to this bug.