Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2010-0416
Vulnerability from cvelistv5
Published
2010-02-18 23:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:12.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"name": "oval:org.mitre.oval:def:10847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2010:0094",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name": "38450",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"name": "oval:org.mitre.oval:def:10847",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0416",
"datePublished": "2010-02-18T23:00:00",
"dateReserved": "2010-01-27T00:00:00",
"dateUpdated": "2024-08-07T00:45:12.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2010-0416\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-02-18T23:30:00.537\",\"lastModified\":\"2024-11-21T01:12:10.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en la funci\u00f3n Unescape en common/util/hxurl.cpp y player/hxclientkit/src/CHXClientSink.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento URL que contiene caracteres de % (porcentaje) que no est\u00e1n seguidos por dos d\u00edgitos hexadecimales.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"02C37959-EB6F-42A4-92AA-17A5251EB652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:*:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"30440AA2-F06F-425E-98D9-F8AA30AD1B7F\"}]}]}],\"references\":[{\"url\":\"http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561856\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2010_0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:04+00:00",
"generator": {
"date": "2024-11-22T03:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
rhsa-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:04+00:00",
"generator": {
"date": "2024-11-22T03:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
RHSA-2010:0094
Vulnerability from csaf_redhat
Published
2010-02-09 10:11
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: HelixPlayer security update
Notes
Topic
An updated HelixPlayer package that fixes several security issues is now
available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
HelixPlayer is a media player.
Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)
A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)
Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)
A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)
All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated HelixPlayer package that fixes several security issues is now\navailable for Red Hat Enterprise Linux 4.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "HelixPlayer is a media player.\n\nMultiple buffer and integer overflow flaws were found in the way\nHelixPlayer processed Graphics Interchange Format (GIF) files. An attacker\ncould create a specially-crafted GIF file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,\nCVE-2009-4245)\n\nA buffer overflow flaw was found in the way HelixPlayer processed\nSynchronized Multimedia Integration Language (SMIL) files. An attacker\ncould create a specially-crafted SMIL file which would cause HelixPlayer to\ncrash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)\n\nA buffer overflow flaw was found in the way HelixPlayer handled the Real\nTime Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP\nserver could use this flaw to crash HelixPlayer or, potentially, execute\narbitrary code. (CVE-2009-4248)\n\nMultiple buffer overflow flaws were discovered in the way HelixPlayer\nhandled RuleBook structures in media files and RTSP streams.\nSpecially-crafted input could cause HelixPlayer to crash or, potentially,\nexecute arbitrary code. (CVE-2009-4247, CVE-2010-0417)\n\nA buffer overflow flaw was found in the way HelixPlayer performed URL\nun-escaping. A specially-crafted URL string could cause HelixPlayer to\ncrash or, potentially, execute arbitrary code. (CVE-2010-0416)\n\nAll HelixPlayer users are advised to upgrade to this updated package,\nwhich contains backported patches to resolve these issues. All running\ninstances of HelixPlayer must be restarted for this update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0094",
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0094.json"
}
],
"title": "Red Hat Security Advisory: HelixPlayer security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:04+00:00",
"generator": {
"date": "2024-11-22T03:16:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0094",
"initial_release_date": "2010-02-09T10:11:00+00:00",
"revision_history": [
{
"date": "2010-02-09T10:11:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-02-09T05:14:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer-debuginfo@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_id": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/HelixPlayer@1.0.6-1.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-1:1.0.6-1.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src"
},
"product_reference": "HelixPlayer-1:1.0.6-1.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
},
"product_reference": "HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4242",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561436"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: GIF file heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4242"
},
{
"category": "external",
"summary": "RHBZ#561436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561436"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4242",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4242"
}
],
"release_date": "2008-09-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: GIF file heap overflow"
},
{
"cve": "CVE-2009-4245",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561441"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: compressed GIF heap overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4245"
},
{
"category": "external",
"summary": "RHBZ#561441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4245",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4245"
}
],
"release_date": "2008-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: compressed GIF heap overflow"
},
{
"cve": "CVE-2009-4247",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561338"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an \"array overflow.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4247"
},
{
"category": "external",
"summary": "RHBZ#561338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4247"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4247"
}
],
"release_date": "2009-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP client ASM RuleBook stack buffer overflow"
},
{
"cve": "CVE-2009-4248",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561361"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: RTSP SET_PARAMETER buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4248"
},
{
"category": "external",
"summary": "RHBZ#561361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4248",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4248"
}
],
"release_date": "2008-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: RTSP SET_PARAMETER buffer overflow"
},
{
"cve": "CVE-2009-4257",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561309"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: SMIL getAtom heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4257"
},
{
"category": "external",
"summary": "RHBZ#561309",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561309"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4257",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4257"
}
],
"release_date": "2008-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: SMIL getAtom heap buffer overflow"
},
{
"cve": "CVE-2010-0416",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561856"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: URL unescape buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0416"
},
{
"category": "external",
"summary": "RHBZ#561856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
}
],
"release_date": "2010-01-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: URL unescape buffer overflow"
},
{
"cve": "CVE-2010-0417",
"discovery_date": "2010-01-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "561860"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "RealPlayer: rule book handling heap corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0417"
},
{
"category": "external",
"summary": "RHBZ#561860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0417"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0417"
}
],
"release_date": "2008-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "RealPlayer: rule book handling heap corruption"
},
{
"cve": "CVE-2010-4376",
"discovery_date": "2010-12-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "662772"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-4376"
},
{
"category": "external",
"summary": "RHBZ#662772",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=662772"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-4376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4376"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4376"
}
],
"release_date": "2010-12-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-02-09T10:11:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0094"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4AS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4AS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4Desktop:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4Desktop:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4ES:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4ES:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.ppc",
"4WS:HelixPlayer-1:1.0.6-1.el4_8.1.src",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.i386",
"4WS:HelixPlayer-debuginfo-1:1.0.6-1.el4_8.1.ppc"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)"
}
]
}
ghsa-mcf9-pq3p-q6q8
Vulnerability from github
Published
2022-05-02 06:12
Modified
2022-05-02 06:12
Details
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
{
"affected": [],
"aliases": [
"CVE-2010-0416"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-02-18T23:30:00Z",
"severity": "HIGH"
},
"details": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"id": "GHSA-mcf9-pq3p-q6q8",
"modified": "2022-05-02T06:12:34Z",
"published": "2022-05-02T06:12:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0416"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"type": "WEB",
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
},
{
"type": "WEB",
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38450"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
fkie_cve-2010-0416
Vulnerability from fkie_nvd
Published
2010-02-18 23:30
Modified
2024-11-21 01:12
Severity ?
Summary
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| realnetworks | helix_player | 1.0.6 | |
| realnetworks | realplayer | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*",
"matchCriteriaId": "02C37959-EB6F-42A4-92AA-17A5251EB652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:realnetworks:realplayer:*:*:linux:*:*:*:*:*",
"matchCriteriaId": "30440AA2-F06F-425E-98D9-F8AA30AD1B7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n Unescape en common/util/hxurl.cpp y player/hxclientkit/src/CHXClientSink.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento URL que contiene caracteres de % (porcentaje) que no est\u00e1n seguidos por dos d\u00edgitos hexadecimales."
}
],
"id": "CVE-2010-0416",
"lastModified": "2024-11-21T01:12:10.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-18T23:30:00.537",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"source": "secalert@redhat.com",
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/38450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2010-0416
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2010-0416",
"description": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"id": "GSD-2010-0416",
"references": [
"https://www.suse.com/security/cve/CVE-2010-0416.html",
"https://access.redhat.com/errata/RHSA-2010:0094",
"https://linux.oracle.com/cve/CVE-2010-0416.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2010-0416"
],
"details": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.",
"id": "GSD-2010-0416",
"modified": "2023-12-13T01:21:28.313202Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html",
"refsource": "MISC",
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name": "http://secunia.com/advisories/38450",
"refsource": "MISC",
"url": "http://secunia.com/advisories/38450"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2010-0094.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1",
"refsource": "MISC",
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561856",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realnetworks:realplayer:*:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0416"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561856",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=561856"
},
{
"name": "[common-cvs] 20070703 util hxurl.cpp,1.24.4.1,1.24.4.1.4.1",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html"
},
{
"name": "RHSA-2010:0094",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
},
{
"name": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1",
"refsource": "CONFIRM",
"tags": [],
"url": "https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1"
},
{
"name": "38450",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/38450"
},
{
"name": "oval:org.mitre.oval:def:10847",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-09-19T01:30Z",
"publishedDate": "2010-02-18T23:30Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.