Lucene search

[email protected]CVE-2007-2500

HistoryMay 04, 2007 - 12:19 a.m.

CVE-2007-2500

2007-05-0400:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2500

gnu gnash

gnu flash player

remote code execution

memory corruption

buffer overflow

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.096 Low

EPSS

Percentile

94.8%

JSON

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.

Affected configurations

NVD

Node

gnuflash_playerRange≤0.7.2

CPENameOperatorVersion
gnu:flash_playergnu flash playerle0.7.2

CPE	Name	Operator	Version
gnu:flash_player	gnu flash player	le	0.7.2

References

osvdb.org/37273

savannah.gnu.org/bugs/?19774

secunia.com/advisories/25787

www.novell.com/linux/security/advisories/2007_13_sr.html

www.securityfocus.com/bid/23765

www.securitytracker.com/id?1018041

www.vupen.com/english/advisories/2007/1688

exchange.xforce.ibmcloud.com/vulnerabilities/34148

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.096 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2007-2500

securityvulns1 cvelist1 debiancve1 prion1 nessus1 ubuntucve1 nvd1