CVE-2009-4245

RealNetworks RealPlayer <6.0.12.1741 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.

References (15)

Core 15

Core References

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2010-0094.html

Various Sources mailing-list x_refsource_mlist

http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html

Patch, Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0178

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/61969

Various Sources x_refsource_confirm

https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023489

Patch, Vendor Advisory x_refsource_confirm

http://service.real.com/realplayer/security/01192010_player/en/

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38450

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38218

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55800

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=561441

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/37880

Scores

EPSS 0.0736

EPSS Percentile 91.8%

Details

CWE

CWE-119

Status published

Products (16)

realnetworks/helix_player 10.0

realnetworks/helix_player 11.0.0

realnetworks/helix_player 11.0.1

realnetworks/realplayer 10.0 (2 CPE variants)

realnetworks/realplayer 10.5

realnetworks/realplayer 11.0

realnetworks/realplayer 11.0.1 (2 CPE variants)

realnetworks/realplayer 11.0.2

realnetworks/realplayer 11.0.3

realnetworks/realplayer 11.0.4

... and 6 more

Published Jan 25, 2010

Tracked Since Feb 18, 2026