Summary: | <www-plugins/gnash-0.8.10-r2 buffer overflow (CVE-2012-1175) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sean Amoss (RETIRED) <ackle> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | chithanh |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://seclists.org/oss-sec/2012/q1/631 | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 391283 | | |
Description
Sean Amoss (RETIRED)
2012-03-14 20:20:41 UTC
The patch for this security bug was applied in 0.8.10-r2.

Arches, please stabilize www-plugins/gnash-0.8.10-r2
Target keywords: amd64 ppc ~ppc64 ~sparc x86

amd64 stable

x86 stable

ppc stable.

Whoops it is a security bug, reopening.

This issue was resolved and addressed in GLSA 201207-08 at http://security.gentoo.org/glsa/glsa-201207-08.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-1175 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1175): Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow.
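
The bug class named in the CVE description above (a size computation that wraps and so yields an undersized heap buffer), shown as an added example that is neither Gnash's code nor part of this bug report. It assumes an image buffer of width * height * channels bytes; the function names, the constructed dimensions and the 1 GiB cap are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a decoded image needs width * height * channels bytes.
 * All names and the 1 GiB cap are hypothetical, chosen for this example. */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: the 32-bit product wraps modulo 2^32, so large
 * dimensions can yield a small "size" that is then used for allocation. */
static uint32_t image_size_unchecked(uint32_t width, uint32_t height,
                                     uint32_t channels)
{
    return width * height * channels;
}

/* Checked pattern: widen before multiplying and reject anything that is
 * empty or exceeds the cap, instead of returning a wrapped value. */
static bool image_size_checked(uint32_t width, uint32_t height,
                               uint32_t channels, size_t *out)
{
    uint64_t row = (uint64_t)width * channels; /* < 2^64, cannot wrap */
    if (row == 0 || height == 0)
        return false;
    if (row > MAX_IMAGE_BYTES / height)        /* row * height > cap */
        return false;
    *out = (size_t)(row * height);
    return true;
}

int main(void)
{
    /* Constructed dimensions: true size is 4295229440 bytes. */
    uint32_t w = 0x10000, h = 0x4001, c = 4;
    size_t n = 0;

    printf("unchecked: %u bytes\n", (unsigned)image_size_unchecked(w, h, c));
    printf("checked:   %s\n",
           image_size_checked(w, h, c, &n) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed dimensions the unchecked product comes out as 262144 bytes although the pixel data would span about 4 GiB, which is the mismatch behind a heap-based overflow of this kind; the checked form refuses the dimensions before any allocation.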