Description
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
References (5)
Core 5
Core References
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/7177
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104887465427579&w=2
Patch, Vendor Advisory x_refsource_misc
http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/705761
Scores
EPSS
0.0050
EPSS Percentile
66.1%
Details
Status
published
Products (10)
realnetworks/realone_enterprise_desktop
6.0.11.774
realnetworks/realone_player
2.0
realnetworks/realone_player
6.0.10.505 gold
realnetworks/realone_player
6.0.11.818
realnetworks/realone_player
6.0.11.830
realnetworks/realone_player
6.0.11.841
realnetworks/realone_player
6.0.11.853
realnetworks/realone_player
9.0.0.288
realnetworks/realone_player
9.0.0.297
realnetworks/realplayer
8.0
Published
Apr 02, 2003
Tracked Since
Feb 18, 2026