CVE-2014-3113

Realnetworks Realplayer < 17.0.8.22 - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.

References (4)

[Vendor Advisory] http://service.real.com/realplayer/security/06272014_player/en/

[Vendor Advisory] http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption/

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030524

[Third Party Advisory] http://secunia.com/advisories/59238

Scores

EPSS 0.1220

EPSS Percentile 93.7%

Classification

CWE

CWE-119

Status draft

Affected Products (2)

realnetworks/realplayer < 17.0.8.22

realnetworks/realplayer

Timeline

Published Jul 07, 2014

Tracked Since Feb 18, 2026