Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-4248 (GCVE-0-2009-4248)
Vulnerability from cvelistv5
Published
2010-01-25 19:00
Modified
2024-08-07 06:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:54:10.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "ADV-2010-0178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"name": "1023489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "[client-dev] 20080117 CR: fix for bug 211210",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"name": "38218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "oval:org.mitre.oval:def:10641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"name": "37880",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "realplayer-rtsp-setparameter-bo(55801)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "ADV-2010-0178",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"name": "1023489",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "[client-dev] 20080117 CR: fix for bug 211210",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"name": "38218",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "oval:org.mitre.oval:def:10641",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"name": "37880",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "realplayer-rtsp-setparameter-bo(55801)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561361",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "[client-dev] 20080117 CR: fix for bug 211210",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "oval:org.mitre.oval:def:10641",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "realplayer-rtsp-setparameter-bo(55801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-4248",
"datePublished": "2010-01-25T19:00:00",
"dateReserved": "2009-12-09T00:00:00",
"dateUpdated": "2024-08-07T06:54:10.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2009-4248\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-01-25T19:30:01.543\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en la funci\u00f3n RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versi\u00f3n 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versi\u00f3n 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n RTSP SET_PARAMETER especialmente dise\u00f1ada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F948D474-2380-482C-8A63-88984AC2A86B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D2A323-5614-4569-AFE5-49CB99ACA279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74F2CA71-BD09-451C-931C-433024B6BF87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD002505-9F93-4243-BCF9-89421FDB7C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D7BB02-13EA-4F39-B751-DDF9AB50F868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8FE03-BB75-4F67-ADE4-891B6B956018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2\"}]}]}],\"references\":[{\"url\":\"http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561361\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55801\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Specific affected release information can be found from RealNetworks at: \\r\\n\\r\\nhttp://service.real.com/realplayer/security/01192010_player/en/\"}}"
}
}
var-201001-0747
Vulnerability from variot
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Realnetworks RealPlayer Contains a buffer overflow vulnerability.Skillfully crafted by a third party RTSP SET_PARAMETER The request can have an impact related to buffer overflow. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. A remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The following are vulnerable: RealPlayer SP 1.0.0 through 1.0.1 RealPlayer 11 11.0.0 through 11.0.5 RealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741 RealPlayer 10 and 10.1 Helix Player 11.0.0 through 11.0.2. The product provides features for downloading/converting videos (in web pages), editing videos, managing media files, and more. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/
TITLE: RealPlayer Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38218
VERIFY ADVISORY: http://secunia.com/advisories/38218/
DESCRIPTION: Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system.
2) An unspecified error when processing GIF images can be exploited to cause a heap-based buffer overflow.
3) A vulnerability is caused due to an unspecified error related to HTTP chunk encoding.
5) An unspecified error when processing compressed GIF images can be exploited to cause a heap-based buffer overflow.
6) An unspecified error within the RealPlayer SMIL parsing can be exploited to cause a heap-based buffer overflow.
7) An unspecified error within the RealPlayer skin parsing can be exploited to cause a stack-based buffer overflow.
8) An unspecified error related to the RealPlayer ASM RuleBook can be exploited to cause an "array overflow".
10) Two vulnerabilities are caused due to errors within the processing of Internet Video Recording (IVR) files. Please see the vendor's advisory for details. http://service.real.com/realplayer/security/01192010_player/en/
PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Evgeny Legerov * anonymous persons working with iDEFENSE Labs * John Rambo and anonymous researchers working with TippingPoint's Zero Day Initiative
ORIGINAL ADVISORY: http://service.real.com/realplayer/security/01192010_player/en/
OTHER REFERENCES: SA33810: http://secunia.com/advisories/33810/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 02.01.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 01, 2010
I. BACKGROUND
RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. Since late 2003, Real Player has been based on the open-source Helix Player. More information can be found at the URLs shown. For more information, see the vendor's site found at the following links.
http://www.real.com/realplayer.html http://helixcommunity.org/
II.
This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code.
III. ANALYSIS
Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user executing Real Player.
To be successful, an attacker must persuade a user to use Real Player to view specially crafted media. This could be accomplished via a Web page or direct link to the malicious media.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows. Other versions may also be affected. WORKAROUND
iDefense is currently unaware of any effective workaround for this issue.
VI. VENDOR RESPONSE
RealNetworks has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown.
http://service.real.com/realplayer/security/01192010_player/en/
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-4248 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
01/11/2008 Initial Contact 01/11/2009 Initial Response 02/01/2010 Coordinated public disclosure.
IX. CREDIT
The discoverer of this vulnerability wishes to remain anonymous.
Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events http://labs.idefense.com/
X. LEGAL NOTICES
Copyright \xa9 2010 iDefense, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
For more information: SA38218
SOLUTION: Updated packages are available via Red Hat Network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201001-0747",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "realplayer",
"scope": "eq",
"trust": 1.9,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.0"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "10.1"
},
{
"model": "helix player",
"scope": "eq",
"trust": 1.6,
"vendor": "realnetworks",
"version": "11.0.0"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "1.0.1"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.5"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.4"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.3"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "11.0.2"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 1.3,
"vendor": "realnetworks",
"version": "10.5"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "1.0.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 1.0,
"vendor": "realnetworks",
"version": "*"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "(enterprise)"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "10.5"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "11"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.0"
},
{
"model": "realnetworks realplayer",
"scope": "eq",
"trust": 0.8,
"vendor": "real",
"version": "sp 1.0.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (es)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4 (ws)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (as)"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.8 (es)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "4.0"
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "enterprise linux ws",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux es",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux as",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "enterprise linux desktop version",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4"
},
{
"model": "realplayer sp",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.0"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.7"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.6"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.5"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.2"
},
{
"model": "realplayer enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1.1"
},
{
"model": "realplayer enterprise",
"scope": null,
"trust": 0.3,
"vendor": "realnetworks",
"version": null
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.331"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.503"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.481"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.412"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.396"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.352"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.325"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.0.305"
},
{
"model": "realplayer for mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.1.3114"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.9"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.8"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.7"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.6"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.5"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.4"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.3"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.2"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "1010.0.1"
},
{
"model": "realplayer for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1741"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1698"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1675"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1663"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1483"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1348"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1235"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1069"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1059"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1056"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1053"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "10.5v6.0.12.1040"
},
{
"model": "realplayer",
"scope": "eq",
"trust": 0.3,
"vendor": "realnetworks",
"version": "11"
}
],
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:realnetworks:realplayer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Evgeny Legerov, anonymous researchers working with iDEFENSE Labs, John Rambo, Peter Vreugdenhil working with TippingPoint\u0027s Zero Day Initiative, and anonymous researchers working with TippingPoint\u0027s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "37880"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
}
],
"trust": 0.9
},
"cve": "CVE-2009-4248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2009-4248",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-41694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-4248",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-4248",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201001-251",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-41694",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Realnetworks RealPlayer Contains a buffer overflow vulnerability.Skillfully crafted by a third party RTSP SET_PARAMETER The request can have an impact related to buffer overflow. RealPlayer SP, RealPlayer, and Helix Player are prone to multiple remote vulnerabilities, including heap- and stack-based buffer-overflow issues. \nA remote attacker could exploit these issues by crafting a file and enticing an unsuspecting user to open it using a vulnerable application. Successful exploits will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThe following are vulnerable:\nRealPlayer SP 1.0.0 through 1.0.1\nRealPlayer 11 11.0.0 through 11.0.5\nRealPlayer 10.5 6.0.12.1040 through 6.0.12.163, 6.0.12.1675, 6.0.12.1698, and 6.0.12.1741\nRealPlayer 10 and 10.1\nHelix Player 11.0.0 through 11.0.2. The product provides features for downloading/converting videos (in web pages), editing videos, managing media files, and more. ----------------------------------------------------------------------\n\n\n\nSecunia integrated with Microsoft WSUS \nhttp://secunia.com/blog/71/\n\n\n\n----------------------------------------------------------------------\n\nTITLE:\nRealPlayer Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA38218\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38218/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in RealPlayer, which can be\nexploited by malicious people to compromise a vulnerable system. \n\n2) An unspecified error when processing GIF images can be exploited\nto cause a heap-based buffer overflow. \n\n3) A vulnerability is caused due to an unspecified error related to\nHTTP chunk encoding. \n\n5) An unspecified error when processing compressed GIF images can be\nexploited to cause a heap-based buffer overflow. \n\n6) An unspecified error within the RealPlayer SMIL parsing can be\nexploited to cause a heap-based buffer overflow. \n\n7) An unspecified error within the RealPlayer skin parsing can be\nexploited to cause a stack-based buffer overflow. \n\n8) An unspecified error related to the RealPlayer ASM RuleBook can be\nexploited to cause an \"array overflow\". \n\n10) Two vulnerabilities are caused due to errors within the\nprocessing of Internet Video Recording (IVR) files. Please see the vendor\u0027s advisory for\ndetails. \nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n* Evgeny Legerov\n* anonymous persons working with iDEFENSE Labs\n* John Rambo and anonymous researchers working with TippingPoint\u0027s\nZero Day Initiative\n\nORIGINAL ADVISORY:\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nOTHER REFERENCES:\nSA33810:\nhttp://secunia.com/advisories/33810/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. iDefense Security Advisory 02.01.10\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nFeb 01, 2010\n\nI. BACKGROUND\n\nRealPlayer is an application for playing various media formats,\ndeveloped by RealNetworks Inc. Since late 2003, Real Player has been\nbased on the open-source Helix Player. More information can be found at\nthe URLs shown. For more information, see the vendor\u0027s site found at the\nfollowing links. \n\nhttp://www.real.com/realplayer.html\nhttp://helixcommunity.org/\n\nII. \n\nThis problem specifically exists in the CMediumBlockAllocator::Alloc\nmethod. When calculating the size of a memory allocation, an integer\noverflow occurs. This leads to heap corruption, which can result in the\nexecution of arbitrary code. \n\nIII. ANALYSIS\n\nExploitation of this vulnerability results in the execution of arbitrary\ncode with the privileges of the user executing Real Player. \n\nTo be successful, an attacker must persuade a user to use Real Player to\nview specially crafted media. This could be accomplished via a Web page\nor direct link to the malicious media. \n\nIV. DETECTION\n\niDefense has confirmed the existence of this vulnerability in Real\nPlayer versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on\nWindows. Other versions may also be affected. WORKAROUND\n\niDefense is currently unaware of any effective workaround for this\nissue. \n\nVI. VENDOR RESPONSE\n\nRealNetworks has released a patch which addresses this issue. \nInformation about downloadable vendor updates can be found by clicking\non the URLs shown. \n\nhttp://service.real.com/realplayer/security/01192010_player/en/\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-4248 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/11/2008 Initial Contact\n01/11/2009 Initial Response\n02/01/2010 Coordinated public disclosure. \n\nIX. CREDIT\n\nThe discoverer of this vulnerability wishes to remain anonymous. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2010 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n\nFor more information:\nSA38218\n\nSOLUTION:\nUpdated packages are available via Red Hat Network",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-4248"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "85842"
},
{
"db": "PACKETSTORM",
"id": "86184"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-41694",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-4248",
"trust": 2.9
},
{
"db": "BID",
"id": "37880",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "38218",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1023489",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2010-0178",
"trust": 2.5
},
{
"db": "XF",
"id": "55801",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "38450",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[CLIENT-CVS] 20080117 CORE RTSPPROTOCOL.CPP,1.55.2.18,1.55.2.19",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[CLIENT-CVS] 20080117 CORE RTSPPROTOCOL.CPP,1.85,1.86",
"trust": 0.6
},
{
"db": "MLIST",
"id": "[CLIENT-DEV] 20080117 CR: FIX FOR BUG 211210",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2010:0094",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-10-010",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-008",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-006",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-005",
"trust": 0.3
},
{
"db": "ZDI",
"id": "ZDI-10-007",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "85842",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-41694",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "85439",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "86184",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "85842"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"id": "VAR-201001-0747",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:47:35.495000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Releases Update to Address Security Vulnerabilities",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/en"
},
{
"title": "\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9",
"trust": 0.8,
"url": "http://service.real.com/realplayer/security/01192010_player/ja/"
},
{
"title": "RHSA-2010:0094",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2010-0094.html"
},
{
"title": "RealPlayerSP",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5472"
},
{
"title": "RealPlayerSPGold",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5471"
},
{
"title": "RealPlayer11GOLD",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5474"
},
{
"title": "RealPlayer11GOLD",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=5473"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/37880"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1023489"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/38218"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"trust": 2.2,
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"trust": 1.7,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"trust": 1.7,
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-january/003756.html"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-january/003759.html"
},
{
"trust": 1.7,
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-january/004591.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2010-0094.html"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/55801"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10641"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/38450"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4248"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4248"
},
{
"trust": 0.3,
"url": "http://blogs.sun.com/security/entry/cve_2009_4247_buffer_overflow"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=839"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=837"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=838"
},
{
"trust": 0.3,
"url": "http://www.realnetworks.com/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-005/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-006/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-007/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-008/"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-10-010/"
},
{
"trust": 0.3,
"url": "/archive/1/509286"
},
{
"trust": 0.3,
"url": "/archive/1/509293"
},
{
"trust": 0.3,
"url": "/archive/1/509288"
},
{
"trust": 0.3,
"url": "/archive/1/509100"
},
{
"trust": 0.3,
"url": "/archive/1/509096"
},
{
"trust": 0.3,
"url": "/archive/1/509105"
},
{
"trust": 0.3,
"url": "/archive/1/509098"
},
{
"trust": 0.3,
"url": "/archive/1/509104"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/38218/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/blog/71/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/33810/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-4248"
},
{
"trust": 0.1,
"url": "http://helixcommunity.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/"
},
{
"trust": 0.1,
"url": "http://www.real.com/realplayer.html"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/38450/"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com"
},
{
"trust": 0.1,
"url": "http://rhn.redhat.com/errata/rhsa-2010-0094.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "85842"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-41694"
},
{
"db": "BID",
"id": "37880"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"db": "PACKETSTORM",
"id": "85439"
},
{
"db": "PACKETSTORM",
"id": "85842"
},
{
"db": "PACKETSTORM",
"id": "86184"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-41694"
},
{
"date": "2010-01-20T00:00:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"date": "2010-01-20T16:00:34",
"db": "PACKETSTORM",
"id": "85439"
},
{
"date": "2010-02-02T02:24:47",
"db": "PACKETSTORM",
"id": "85842"
},
{
"date": "2010-02-11T10:10:16",
"db": "PACKETSTORM",
"id": "86184"
},
{
"date": "2010-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"date": "2010-01-25T19:30:01.543000",
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-41694"
},
{
"date": "2010-07-13T20:27:00",
"db": "BID",
"id": "37880"
},
{
"date": "2010-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001054"
},
{
"date": "2011-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201001-251"
},
{
"date": "2024-11-21T01:09:14.763000",
"db": "NVD",
"id": "CVE-2009-4248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "85842"
},
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Realnetworks RealPlayer Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001054"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201001-251"
}
],
"trust": 0.6
}
}
rhsa-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2025-10-09 13:26
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2025-10-09T13:26:17+00:00",
"generator": {
"date": "2025-10-09T13:26:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:26:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
RHSA-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2025-10-09 13:26
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2025-10-09T13:26:17+00:00",
"generator": {
"date": "2025-10-09T13:26:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.9"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-10-09T13:26:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
rhsa-2010_0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:04+00:00",
"generator": {
"date": "2024-11-22T03:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
gsd-2009-4248
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-4248",
"description": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"id": "GSD-2009-4248",
"references": [
"https://www.suse.com/security/cve/CVE-2009-4248.html",
"https://access.redhat.com/errata/RHSA-2010:0094",
"https://linux.oracle.com/cve/CVE-2009-4248.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-4248"
],
"details": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"id": "GSD-2009-4248",
"modified": "2023-12-13T01:19:45.124305Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561361",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "[client-dev] 20080117 CR: fix for bug 211210",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86",
"refsource": "CONFIRM",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "oval:org.mitre.oval:def:10641",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19",
"refsource": "MLIST",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "realplayer-rtsp-setparameter-bo(55801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4248"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38218",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"name": "37880",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.85,1.86",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"name": "[client-dev] 20080117 CR: fix for bug 211210",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"name": "[client-cvs] 20080117 core rtspprotocol.cpp,1.55.2.18,1.55.2.19",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561361",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"name": "38450",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "realplayer-rtsp-setparameter-bo(55801)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
},
{
"name": "oval:org.mitre.oval:def:10641",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-09-19T01:29Z",
"publishedDate": "2010-01-25T19:30Z"
}
}
}
ghsa-wxc4-9pgw-f83x
Vulnerability from github
Published
2022-05-02 03:53
Modified
2025-04-11 03:31
VLAI Severity ?
Details
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
{
"affected": [],
"aliases": [
"CVE-2009-4248"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-01-25T19:30:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"id": "GHSA-wxc4-9pgw-f83x",
"modified": "2025-04-11T03:31:04Z",
"published": "2022-05-02T03:53:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"type": "WEB",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"type": "WEB",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"type": "WEB",
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38218"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38450"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1023489"
},
{
"type": "WEB",
"url": "http://service.real.com/realplayer/security/01192010_player/en"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/0178"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2009-4248
Vulnerability from fkie_nvd
Published
2010-01-25 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.5 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| realnetworks | realplayer | 11.0.2 | |
| realnetworks | realplayer | 11.0.3 | |
| realnetworks | realplayer | 11.0.4 | |
| realnetworks | realplayer | 11.0.5 | |
| realnetworks | realplayer_enterprise | * | |
| realnetworks | realplayer_sp | 1.0.0 | |
| realnetworks | realplayer_sp | 1.0.1 | |
| microsoft | windows | * | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 10.1 | |
| realnetworks | realplayer | 11.0 | |
| realnetworks | realplayer | 11.0.1 | |
| apple | mac_os_x | * | |
| realnetworks | helix_player | 10.0 | |
| realnetworks | helix_player | 11.0.0 | |
| realnetworks | helix_player | 11.0.1 | |
| realnetworks | realplayer | 10.0 | |
| realnetworks | realplayer | 11.0.0 | |
| realnetworks | realplayer | 11.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en la funci\u00f3n RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versi\u00f3n 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versi\u00f3n 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario por medio de una petici\u00f3n RTSP SET_PARAMETER especialmente dise\u00f1ada."
}
],
"evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/",
"id": "CVE-2009-4248",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-01-25T19:30:01.543",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
},
{
"source": "cve@mitre.org",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"source": "cve@mitre.org",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1023489"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.55.2.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/client/core/rtspprotocol.cpp?view=log#rev1.86"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10641"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…