Launchpad.net

CVE 2007-2500

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.

Related bugs and status

CVE-2007-2500 (Candidate) is related to these bugs:

Bug #130091: CVE-2007-2500: memory corruption vulnerability in gnash

		In	Importance	Status
130091	CVE-2007-2500: memory corruption vulnerability in gnash	gnash (Ubuntu)	Undecided	Fix Released
130091	CVE-2007-2500: memory corruption vulnerability in gnash	gnash (Ubuntu Feisty)	High	Fix Released
130091	CVE-2007-2500: memory corruption vulnerability in gnash	gnash	Undecided	Fix Released
130091	CVE-2007-2500: memory corruption vulnerability in gnash	gnash (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://savannah.gnu.or...
BID: 23765
SECTRACK: 1018041
SUSE: SUSE-SR:2007:013
SECUNIA: 25787
OSVDB: 37273
VUPEN: ADV-2007-1688
XF: gnuflash-sprite-code-e...