CVE-2007-2500

server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow.
Configurations

Configuration 1

cpe:2.3:a:gnu:flash_player:*:*:*:*:*:*:*:*

Information

Published : 2007-05-04 12:19

Updated : 2017-07-29 01:31


NVD link : CVE-2007-2500

Mitre link : CVE-2007-2500

Products Affected
No products.
CWE