CVE-2009-4245: Buffer Overflow
First published: Wed Jul 23 2008(Updated: )
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealPlayer | =11.0.1 | |
| RealNetworks Helix Player Linux | =11.0.1 | |
| RealPlayer | =10.0 | |
| RealNetworks Helix Player Linux | =11.0.0 | |
| RealNetworks Helix Player Linux | =10.0 | |
| RealPlayer | =11.0.0 | |
| RealPlayer | =10.0 | |
| RealPlayer | =10.5 | |
| RealPlayer | =11.0 | |
| RealPlayer | =11.0.1 | |
| RealPlayer | =11.0.2 | |
| RealPlayer | =11.0.3 | |
| RealPlayer | =11.0.4 | |
| RealPlayer | =11.0.5 | |
| RealPlayer | ||
| RealPlayer | =1.0.0 | |
| RealPlayer | =1.0.1 | |
| Microsoft Windows Operating System | ||
| RealPlayer | =10.1 | |
| Apple iOS and macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/38218
- http://service.real.com/realplayer/security/01192010_player/en/
- http://www.vupen.com/english/advisories/2010/0178
- http://securitytracker.com/id?1023489
- http://www.securityfocus.com/bid/37880
- http://osvdb.org/61969
- https://bugzilla.redhat.com/show_bug.cgi?id=561441
- http://www.redhat.com/support/errata/RHSA-2010-0094.html
- http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html
- https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5
- https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7
- https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6
- http://secunia.com/advisories/38450
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55800
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998
- https://access.redhat.com/security/cve/CVE-2009-4245
- http://xforce.iss.net/xforce/xfdb/55800
- https://rhn.redhat.com/errata/RHSA-2010-0094.html
- https://www.cve.org/CVERecord?id=CVE-2009-4245 https://nvd.nist.gov/vuln/detail/CVE-2009-4245
- https://access.redhat.com/errata/RHSA-2010:0094
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4245.json
Frequently Asked Questions
What is the severity of CVE-2009-4245?
CVE-2009-4245 has been classified as a high severity vulnerability due to the potential for remote attackers to cause denial of service.
How do I fix CVE-2009-4245?
To fix CVE-2009-4245, it is recommended to update to the latest version of RealPlayer or apply any available security patches.
What software is affected by CVE-2009-4245?
CVE-2009-4245 affects multiple versions of RealPlayer 10 and 11, as well as Helix Player 10.x.
Can CVE-2009-4245 be exploited remotely?
Yes, CVE-2009-4245 can be exploited remotely, allowing attackers to execute a denial of service attack.
What type of vulnerability is CVE-2009-4245?
CVE-2009-4245 is a heap-based buffer overflow vulnerability.
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4245
- collector/redhat-cve
- agent/first-publish-date
- agent/references
- agent/remedy
- agent/author
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/realnetworks
- canonical/realplayer
- version/realplayer/11.0.1
- canonical/realnetworks helix player linux
- version/realnetworks helix player linux/11.0.1
- version/realplayer/10.0
- version/realnetworks helix player linux/11.0.0
- version/realnetworks helix player linux/10.0
- version/realplayer/11.0.0
- version/realplayer/10.5
- version/realplayer/11.0
- version/realplayer/11.0.2
- version/realplayer/11.0.3
- version/realplayer/11.0.4
- version/realplayer/11.0.5
- version/realplayer/1.0.0
- version/realplayer/1.0.1
- vendor/microsoft
- canonical/microsoft windows operating system
- version/realplayer/10.1
- vendor/apple
- canonical/apple ios and macos