Описание
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 0.7.2+cvs20070518.1557-1 |
| edgy | DNE | |
| feisty | released | 0.7.2-1ubuntu0.1 |
| gutsy | released | 0.7.2+cvs20070518.1557-1 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
10 Critical
CVSS2
Связанные уязвимости
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player ...
server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
EPSS
10 Critical
CVSS2