Gnash DefineSprite Tag Remote Code Execution Vulnerability

info
discussion
exploit
solution
references

Gnash DefineSprite Tag Remote Code Execution Vulnerability

Gnash is prone to a remote code-execution vulnerability because it fails to handle user-supplied input.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the application. Failed attempts will likely result in denial-of-service conditions.

Gnash 0.7.2 is vulnerable; other versions may also be affected.