CVE-2010-4376

RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.1 - Heap-Based Buffer Overflow via GIF87a Screen Descriptor Header

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024861
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-10-271
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45411

Scores

EPSS 0.0505
EPSS Percentile 89.9%

Details

CWE
CWE-119
Status published
Products (14)
realnetworks/realplayer 11.0
realnetworks/realplayer 11.0.1
realnetworks/realplayer 11.0.2
realnetworks/realplayer 11.0.3
realnetworks/realplayer 11.0.4
realnetworks/realplayer 11.0.5
realnetworks/realplayer 11.1
realnetworks/realplayer 11.0.2.1744
realnetworks/realplayer_sp 1.0.0
realnetworks/realplayer_sp 1.0.1
... and 4 more
Published Dec 14, 2010
Tracked Since Feb 18, 2026