CVE-2007-2500: memory corruption vulnerability in gnash
Bug #130091 reported by
William Grant
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gnash |
Fix Released
|
Undecided
|
Unassigned | ||
| gnash (Debian) |
Fix Released
|
Unknown
|
|||
| gnash (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Feisty |
Fix Released
|
High
|
William Grant | ||
Bug Description
Binary package hint: gnash
"server/
Player) 0.7.2 allows remote attackers to execute arbitrary code via a
large number of SHOWFRAME elements within a DEFINESPRITE element,
which triggers memory corruption and enables the attacker to call free
with an arbitrary address, probably resultant from a buffer overflow."
Only Feisty is affected. I'm preparing a debdiff now.
CVE References
| Changed in gnash: | |
| status: | New → Invalid |
| assignee: | nobody → fujitsu |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in gnash: | |
| status: | New → Fix Released |
| status: | Invalid → Fix Released |
Revision history for this message
| William Grant (wgrant) wrote | #1 |
| Changed in gnash: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Alexander Sack (asac) wrote Re: [Bug 130091] Re: CVE-2007-2500: memory corruption vulnerability in gnash | #2 |
Revision history for this message
| William Grant (wgrant) wrote | #3 |
Revision history for this message
| Kees Cook (kees) wrote | #4 |
| Changed in gnash: | |
| status: | In Progress → Fix Committed |
| Changed in gnash: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
On Fri, Aug 03, 2007 at 07:01:40AM -0000, William Grant wrote:
>
> ** Attachment added: "debdiff for feisty-security"
> http://
>
So, do you need a sponsor for this? What is the status?
- Alexander