CVE-2011-4328

Gnash prior to 0.8.10 stores cookies in /tmp with world-readable, predictable file names via nsPluginInstance::setupCookies(), allowing local users to obtain sensitive information. Affected versions: Gnash

CVE-2010-4337

CVE-2010-4337 affects gnash (GNU Flash player). The issue arises from the configure/build process: temporary files under /tmp (gnash-configure-errors/wns/required.$$) can be created via a symlink attack, allowing a local attacker to overwrite files that the user has write permissions for. This is...

CVE-2012-1175

CVE-2012-1175 affects GNU Gnash 0.8.10. The vulnerability is in the GnashImage::size() function, where an integer overflow can trigger a heap-based buffer overflow via a crafted SWF file, enabling a remote attacker to cause a crash or potentially execute arbitrary code. Public advisories note pat...