Computer Security
[EN] securityvulns.ru no-pyccku


GNU Gnash Flash Player array overflow
Published:09.05.2007
Source:
SecurityVulns ID:7692
Type:client
Threat Level:
5/10
Description:Array overflow on large number of SHOWFRAME elements within DEFINESPRITE.
Affected:GNU : Gnash 0.7
CVE:CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod