CVE Vulnerabilities

CVE-2007-2500

Published: May 04, 2007 | Modified: Jul 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.

Affected Software

Name Vendor Start Version End Version
Flash_player Gnu * 0.7.2 (including)
Gnash Ubuntu devel *
Gnash Ubuntu feisty *
Gnash Ubuntu gutsy *

References