Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-4245 (GCVE-0-2009-4245)
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"name": "ADV-2010-0178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"name": "61969",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61969"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"name": "1023489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "oval:org.mitre.oval:def:9998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"name": "38218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "realplayer-gifimage-bo(55800)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"name": "37880",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"name": "ADV-2010-0178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"name": "61969",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61969"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"name": "1023489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "oval:org.mitre.oval:def:9998",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"name": "38218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "realplayer-gifimage-bo(55800)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"name": "37880",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"name": "61969",
"refsource": "OSVDB",
"url": "http://osvdb.org/61969"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "oval:org.mitre.oval:def:9998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "realplayer-gifimage-bo(55800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4245",
"datePublished": "2010-01-25T19:00:00",
"dateReserved": "2009-12-09T00:00:00",
"dateUpdated": "2024-08-07T06:54:10.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2009-4245\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-01-25T19:30:01.433\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen GIF comprimida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F948D474-2380-482C-8A63-88984AC2A86B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D2A323-5614-4569-AFE5-49CB99ACA279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74F2CA71-BD09-451C-931C-433024B6BF87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD002505-9F93-4243-BCF9-89421FDB7C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D7BB02-13EA-4F39-B751-DDF9AB50F868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8FE03-BB75-4F67-ADE4-891B6B956018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2\"}]}]}],\"references\":[{\"url\":\"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/61969\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561441\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/61969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Specific affected release information can be found from RealNetworks at: \\r\\n\\r\\nhttp://service.real.com/realplayer/security/01192010_player/en/\"}}"
}
}
var-201001-0745
Vulnerability from variot
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp. Realnetworks RealPlayer Contains a heap-based buffer overflow vulnerability.Compressed by a third party GIF Via files, you may be affected by a heap-based buffer overflow. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/
TITLE: RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38218
VERIFY ADVISORY: http://secunia.com/advisories/38218/
DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.
3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.
8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".
10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative
ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/
OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
For more information: SA38218
SOLUTION: Updated packages are available via Red Hat Network. iDefense Security Advisory 02.01.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 01, 2010
I. BACKGROUND
RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. Since late 2003, Real Player has been based on the open-source Helix Player. More information can be found at the URLs shown. For more information, see the vendor's site found at the following links.
http://www.real.com/realplayer.html http://helixcommunity.org/
II. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code.
III. An attacker would need to entice a victim into opening a RTSP stream. Upon the victim opening the stream, the attack would inject a malformed compressed GIF image into a RTSP stream to exploit this issue. Other attack vectors are likely to exist; however, this was the vector tested within iDefense Labs. It should be noted that RealPlayer can be instantiated within a Web browser. This means an attacker could host a malicious Web page and entice a victim into visiting this page. Upon visiting the page, exploitation would occur.
IV. DETECTION
iDefense confirmed RealPlayer version 11 is vulnerable to this issue. WORKAROUND
iDefense recommends applying the following workarounds until a patch resolving this issue is made publicly available by Real Networks Inc. RealPlayer users should change the GIF filetype association to another application. It is also recommended that RealPlayer users disable the RealPlayer plugins contained within the Web browsers plugins directory by changing the file permissions to deny execution of these files. These workarounds will limit the functionality of RealPlayer by disabling GIF support and web browser plugin features. These workarounds may not mitigate all exploitation vectors but will likely prevent the majority of likely scenarios.
VI. VENDOR RESPONSE
RealNetworks has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://service.real.com/realplayer/security/01192010_player/en/
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-4245 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
05/13/2008 Initial Contact 05/03/2008 Initial Response 02/01/2010 Coordinated public disclosure.
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0745",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "realplayer",
"scope": "eq",
"trust": 1.9,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.1"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "1.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.5"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.4"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.3"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.2"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "10.5"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "1.0.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "*"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "(enterprise)"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10.5"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "11"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.0"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.7"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.6"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.5"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.2"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.1"
},
{
"model": "realplayer enterprise",
"scope": null,
"trust": 0.3,
"vendor": "realnetworks",
"version": null
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.331"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.503"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.481"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.412"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.396"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.352"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.325"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.305"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.1.3114"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.9"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.8"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.7"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.6"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.5"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.4"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.3"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.2"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.1"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1741"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1698"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1675"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1663"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1483"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1348"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1235"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1069"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1059"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1056"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1053"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1040"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "11"
}
],
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:realnetworks:realplayer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint\u0027s Zero Day Initiative, and anonymous researchers working with TippingPoint\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4245",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-4245",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-41691",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4245",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-4245",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-246",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-41691",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp. Realnetworks RealPlayer Contains a heap-based buffer overflow vulnerability.Compressed by a third party GIF Via files, you may be affected by a heap-based buffer overflow. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. \nA remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following are vulnerable:\nRealPlayer SP 1.0.0 through 1.0.1\nRealPlayer 11 11.0.0 through 11.0.5\nRealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741\nRealPlayer 10 and 10.1\nHelix Player 11.0.0 through 11.0.2. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRealPlayer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38218\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38218/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in RealPlayer, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n3) A vulnerability is caused due to an unspecified error related to\nHTTP chunk encoding. \n\n8) An unspecified error related to the RealPlayer ASM RuleBook can be\nexploited to cause an \"array overflow\". \n\n10) Two vulnerabilities are caused due to errors within the\nprocessing of Internet Video Recording (IVR) files. Please see the vendor\u0027s advisory for\ndetails. \nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Evgeny Legerov\n* anonymous persons working with iDEFENSE Labs\n* John Rambo and anonymous researchers working with TippingPoint\u0027s\nZero Day Initiative\n\nORIGINAL ADVISORY:\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nOTHER REFERENCES:\nSA33810:\nhttp://secunia.com/advisories/33810/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\nFor more information:\nSA38218\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. iDefense Security Advisory 02.01.10\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nFeb 01, 2010\n\nI. BACKGROUND\n\nRealPlayer is an application for playing various media formats,\ndeveloped by RealNetworks Inc. Since late 2003, Real Player has been\nbased on the open-source Helix Player. More information can be found at\nthe URLs shown. For more information, see the vendor\u0027s site found at the\nfollowing links. \n\nhttp://www.real.com/realplayer.html\nhttp://helixcommunity.org/\n\nII. The vulnerability\noccurs in the CGIFCodec::InitDecompress() function, which does not\nproperly validate a field in the GIF file before using it in an\narithmetic operation that calculates the size of a heap buffer. This\nissue leads to heap corruption, which can result in the execution of\narbitrary code. \n\nIII. An attacker would need\nto entice a victim into opening a RTSP stream. Upon the victim opening\nthe stream, the attack would inject a malformed compressed GIF image\ninto a RTSP stream to exploit this issue. Other attack vectors are\nlikely to exist; however, this was the vector tested within iDefense\nLabs. It should be noted that RealPlayer can be instantiated within a\nWeb browser. This means an attacker could host a malicious Web page and\nentice a victim into visiting this page. Upon visiting the page,\nexploitation would occur. \n\nIV. DETECTION\n\niDefense confirmed RealPlayer version 11 is vulnerable to this issue. WORKAROUND\n\niDefense recommends applying the following workarounds until a patch\nresolving this issue is made publicly available by Real Networks Inc. \nRealPlayer users should change the GIF filetype association to another\napplication. It is also recommended that RealPlayer users disable the\nRealPlayer plugins contained within the Web browsers plugins directory\nby changing the file permissions to deny execution of these files. \nThese workarounds will limit the functionality of RealPlayer by\ndisabling GIF support and web browser plugin features. These\nworkarounds may not mitigate all exploitation vectors but will likely\nprevent the majority of likely scenarios. \n\nVI. VENDOR RESPONSE\n\nRealNetworks has released a patch which addresses this issue. \nInformation about downloadable vendor updates can be found by clicking\non the URLs shown. \n\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-4245 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n05/13/2008 Initial Contact\n05/03/2008 Initial Response\n02/01/2010 Coordinated public disclosure. \n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2010 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4245"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "PACKETSTORM",
"id": "85843"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41691",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4245",
"trust": 2.9
},
{
"db": "BID",
"id": "37880",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "38218",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1023489",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "61969",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2010-0178",
"trust": 2.5
},
{
"db": "XF",
"id": "55800",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "38450",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[DATATYPE-CVS] 20080722 IMAGE/GIF/COMMON GIFCODEC.CPP, 1.6, 1.7 GIFIMAGE.CPP, 1.5, 1.6",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2010:0094",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-10-010",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-008",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-006",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-005",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-007",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "85843",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41691",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "PACKETSTORM",
"id": "85843"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"id": "VAR-201001-0745",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:47:35.594000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Releases Update to Address Security Vulnerabilities",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/en"
},
{
"title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/ja/"
},
{
"title": "RHSA-2010:0094",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2010-0094.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/37880"
},
{
"trust": 2.5,
"url": "http://osvdb.org/61969"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1023489"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/38218"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"trust": 2.2,
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-july/008455.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0094.html"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/55800"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9998"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38450"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4245"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4245"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838"
},
{
"trust": 0.3,
"url": "http://www.realnetworks.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-005/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-006/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-007/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-008/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-010/"
},
{
"trust": 0.3,
"url": "/archive/1/509286"
},
{
"trust": 0.3,
"url": "/archive/1/509293"
},
{
"trust": 0.3,
"url": "/archive/1/509288"
},
{
"trust": 0.3,
"url": "/archive/1/509100"
},
{
"trust": 0.3,
"url": "/archive/1/509096"
},
{
"trust": 0.3,
"url": "/archive/1/509105"
},
{
"trust": 0.3,
"url": "/archive/1/509098"
},
{
"trust": 0.3,
"url": "/archive/1/509104"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/38218/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/71/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33810/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38450/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0094.html"
},
{
"trust": 0.1,
"url": "http://helixcommunity.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://www.real.com/realplayer.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4245"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "PACKETSTORM",
"id": "85843"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41691"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "PACKETSTORM",
"id": "85843"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-41691"
},
{
"date": "2010-01-20T00:00:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"date": "2010-01-20T16:00:34",
"db": "PACKETSTORM",
"id": "85439"
},
{
"date": "2010-02-11T10:10:16",
"db": "PACKETSTORM",
"id": "86184"
},
{
"date": "2010-02-02T02:25:51",
"db": "PACKETSTORM",
"id": "85843"
},
{
"date": "2010-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"date": "2010-01-25T19:30:01.433000",
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-41691"
},
{
"date": "2010-07-13T20:27:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001050"
},
{
"date": "2011-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-246"
},
{
"date": "2024-11-21T01:09:14.347000",
"db": "NVD",
"id": "CVE-2009-4245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "85843"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realnetworks RealPlayer Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001050"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-246"
}
],
"trust": 0.6
}
}
CERTA-2010-AVI-023
Vulnerability from certfr_avis
Plusieurs vulnérabilités dans les produits RealNetworks permettent à un utilisateur distant malintentionné de provoquer un déni de service ou d'exécuter du code arbitraire.
Description
Onze vulnérabilités, de type débordement de mémoire, ont été découvertes dans les produits RealPlayer et Helix Player. Ces vulnérabilités peuvent être exploitées par une personne distante malveillante afin de provoquer un déni de service ou encore d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions suivantes pour Microsoft Windows sont affectées :
- RealPlayer SP 1.0.0 et 1.0.1 ;
- RealPlayer 11.x ;
- RealPlayer 10.x ;
- RealPlayer Enterprise.
Les versions suivantes pour Mac OS sont affectées :
- Mac RealPlayer 11.x ;
- Mac RealPlayer 10.x.
Les versions suivantes pour GNU/Linux sont affectées :
- GNU/Linux RealPlayer 11.x ;
- GNU/Linux RealPlayer 10.x ;
- Helix RealPlayer 11.x ;
- Helix RealPlayer 10.x.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eLes versions suivantes pour Microsoft Windows sont affect\u00e9es : \u003cUL\u003e \u003cLI\u003eRealPlayer SP 1.0.0 et 1.0.1 ;\u003c/LI\u003e \u003cLI\u003eRealPlayer 11.x ;\u003c/LI\u003e \u003cLI\u003eRealPlayer 10.x ;\u003c/LI\u003e \u003cLI\u003eRealPlayer Enterprise.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003eLes versions suivantes pour Mac OS sont affect\u00e9es :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eMac RealPlayer 11.x ;\u003c/LI\u003e \u003cLI\u003eMac RealPlayer 10.x.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003eLes versions suivantes pour GNU/Linux sont affect\u00e9es :\u003c/P\u003e \u003cUL\u003e \u003cLI\u003eGNU/Linux RealPlayer 11.x ;\u003c/LI\u003e \u003cLI\u003eGNU/Linux RealPlayer 10.x ;\u003c/LI\u003e \u003cLI\u003eHelix RealPlayer 11.x ;\u003c/LI\u003e \u003cLI\u003eHelix RealPlayer 10.x.\u003c/LI\u003e \u003c/UL\u003e\u003c/p\u003e",
"content": "## Description\n\nOnze vuln\u00e9rabilit\u00e9s, de type d\u00e9bordement de m\u00e9moire, ont \u00e9t\u00e9 d\u00e9couvertes\ndans les produits RealPlayer et Helix Player. Ces vuln\u00e9rabilit\u00e9s peuvent\n\u00eatre exploit\u00e9es par une personne distante malveillante afin de provoquer\nun d\u00e9ni de service ou encore d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-4246",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4246"
},
{
"name": "CVE-2009-0376",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0376"
},
{
"name": "CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"name": "CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"name": "CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"name": "CVE-2009-4241",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4241"
},
{
"name": "CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"name": "CVE-2009-0375",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0375"
},
{
"name": "CVE-2009-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4243"
},
{
"name": "CVE-2009-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4244"
},
{
"name": "CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
}
],
"initial_release_date": "2010-01-21T00:00:00",
"last_revision_date": "2010-07-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris du 13 juillet 2010 :",
"url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
}
],
"reference": "CERTA-2010-AVI-023",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2010-01-21T00:00:00.000000"
},
{
"description": "correction du lien vers la mise \u00e0 jour de s\u00e9curit\u00e9 ;",
"revision_date": "2010-02-16T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Sun Solaris.",
"revision_date": "2010-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans les produits RealNetworks permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Realplayer et Helix Player",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour de s\u00e9curit\u00e9 RealNetworks du 19 janvier 2010",
"url": "http://service.real.com/realplayer/security/01192010_player/fr/"
}
]
}
gsd-2009-4245
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-4245",
"description": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"id": "GSD-2009-4245",
"references": [
"https://www.suse.com/security/cve/CVE-2009-4245.html",
"https://access.redhat.com/errata/RHSA-2010:0094",
"https://linux.oracle.com/cve/CVE-2009-4245.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-4245"
],
"details": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"id": "GSD-2009-4245",
"modified": "2023-12-13T01:19:45.246972Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"name": "61969",
"refsource": "OSVDB",
"url": "http://osvdb.org/61969"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "oval:org.mitre.oval:def:9998",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "realplayer-gifimage-bo(55800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4245"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38218",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "37880",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "61969",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/61969"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"name": "38450",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "realplayer-gifimage-bo(55800)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"name": "oval:org.mitre.oval:def:9998",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-19T01:29Z",
"publishedDate": "2010-01-25T19:30Z"
}
}
}
RHSA-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2025-11-21 17:35
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:47+00:00",
"generator": {
"date": "2025-11-21T17:35:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
rhsa-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2025-11-21 17:35
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2025-11-21T17:35:47+00:00",
"generator": {
"date": "2025-11-21T17:35:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:35:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
rhsa-2010_0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:04+00:00",
"generator": {
"date": "2024-11-22T03:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
fkie_cve-2009-4245
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html | ||
| cve@mitre.org | http://osvdb.org/61969 | ||
| cve@mitre.org | http://secunia.com/advisories/38218 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/38450 | ||
| cve@mitre.org | http://securitytracker.com/id?1023489 | Patch | |
| cve@mitre.org | http://service.real.com/realplayer/security/01192010_player/en/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2010-0094.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/37880 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2010/0178 | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=561441 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/55800 | ||
| cve@mitre.org | https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7 | ||
| cve@mitre.org | https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6 | ||
| cve@mitre.org | https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/61969 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38218 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/38450 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023489 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://service.real.com/realplayer/security/01192010_player/en/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0094.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37880 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/0178 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=561441 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/55800 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| realnetworks | realplayer | 11.0.2 | |
| realnetworks | realplayer | 11.0.3 | |
| realnetworks | realplayer | 11.0.4 | |
| realnetworks | realplayer | 11.0.5 | |
| realnetworks | realplayer_enterprise | * | |
| realnetworks | realplayer_sp | 1.0.0 | |
| realnetworks | realplayer_sp | 1.0.1 | |
| microsoft | windows | * | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| apple | mac_os_x | * | |
| realnetworks | helix_player | 10.0 | |
| realnetworks | helix_player | 11.0.0 | |
| realnetworks | helix_player | 11.0.1 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 11.0.0 | |
| realnetworks | realplayer | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen GIF comprimida."
}
],
"evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/",
"id": "CVE-2009-4245",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-25T19:30:01.433",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/61969"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"source": "cve@mitre.org",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"source": "cve@mitre.org",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"source": "cve@mitre.org",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/61969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-89x4-gm7p-7fr8
Vulnerability from github
Published
2022-05-02 03:53
Modified
2025-04-11 03:31
VLAI Severity ?
Details
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
{
"affected": [],
"aliases": [
"CVE-2009-4245"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-01-25T19:30:00Z",
"severity": "HIGH"
},
"details": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"id": "GHSA-89x4-gm7p-7fr8",
"modified": "2025-04-11T03:31:03Z",
"published": "2022-05-02T03:53:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
},
{
"type": "WEB",
"url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
},
{
"type": "WEB",
"url": "http://osvdb.org/61969"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38218"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38450"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023489"
},
{
"type": "WEB",
"url": "http://service.real.com/realplayer/security/01192010_player/en"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0178"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…