It was reported [1] that an integer overflow in GNU Gnash's GnashImage::size() method could be exploited to cause a heap-based buffer overflow when opening certain specially-crafted SWF files. If a user were tricked into opening a malicious SWF file it cause cause Gnash to crash or, possibly, execute arbitrary code with the permissions of the user running Gnash. The flaw was reported in 0.8.10 and is fixed in git [2]. [1] http://secunia.com/advisories/47183 [2] http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
Created gnash tracking bugs for this issue Affects: fedora-all [bug 803444]
This was assigned the name CVE-2012-1175: http://www.openwall.com/lists/oss-security/2012/03/14/6
gnash-0.8.10-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
gnash-0.8.10-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
gnash-0.8.10-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.