ID CVE-2007-2500
Summary server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
References
Vulnerable Configurations
  • GNU GNU Flash Player 0.7.2
    cpe:2.3:a:gnu:flash_player:0.7.2
CVSS
Base: 10.0 (as of 07-05-2007 - 14:15)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family SuSE Local Security Checks
NASL id SUSE_GNASH-3447.NASL
description This update fixes a denial of service problem in the free flash player gnash. (CVE-2007-2500)
last seen 2019-02-21
modified 2018-07-19
plugin id 27240
published 2007-10-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=27240
title openSUSE 10 Security Update : gnash (gnash-3447)
refmap via4
bid 23765
misc http://savannah.gnu.org/bugs/?19774
osvdb 37273
sectrack 1018041
secunia 25787
suse SUSE-SR:2007:013
vupen ADV-2007-1688
xf gnuflash-sprite-code-execution(34148)
Last major update 07-03-2011 - 21:54
Published 03-05-2007 - 20:19
Last modified 28-07-2017 - 21:31
Back to Top