bugzilla@redhat.com
2007-May-06 06:35 UTC
[Bug 239213] New: CVE-2007-2500: gnash arbitrary code execution
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
Summary: CVE-2007-2500: gnash arbitrary code execution
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: gnash
AssignedTo: pertusus@free.fr
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player)
0.7.2
allows remote attackers to execute arbitrary code via a large number of
SHOWFRAME elements within a DEFINESPRITE element, which triggers memory
corruption and enables the attacker to call free with an arbitrary address,
probably resultant from a buffer overflow."
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
bugzilla@redhat.com
2007-May-09 08:16 UTC
[Bug 239213] CVE-2007-2500: gnash arbitrary code execution
Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2500: gnash arbitrary code execution https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213 ------- Additional Comments From pertusus@free.fr 2007-05-09 04:15 EST ------- Next release is due soon. I asked the list about a patch and whether it was fixed in HEAD. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla@redhat.com
2007-May-12 20:00 UTC
[Bug 239213] CVE-2007-2500: gnash arbitrary code execution
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-2500: gnash arbitrary code execution
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
pertusus@free.fr changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
Resolution| |CURRENTRELEASE
Fixed In Version| |0.7.2-2
------- Additional Comments From pertusus@free.fr 2007-05-12 16:00 EST -------
Thanks for the report.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.