RHSA-2010:0094: Critical: HelixPlayer security update
First published: Tue Feb 09 2010(Updated: )
HelixPlayer is a media player.<br>Multiple buffer and integer overflow flaws were found in the way<br>HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker<br>could create a specially-crafted GIF file which would cause HelixPlayer to<br>crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,<br>CVE-2009-4245)<br>A buffer overflow flaw was found in the way HelixPlayer processed<br>Synchronized Multimedia Integration Language (SMIL) files. An attacker<br>could create a specially-crafted SMIL file which would cause HelixPlayer to<br>crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)<br>A buffer overflow flaw was found in the way HelixPlayer handled the Real<br>Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP<br>server could use this flaw to crash HelixPlayer or, potentially, execute<br>arbitrary code. (CVE-2009-4248)<br>Multiple buffer overflow flaws were discovered in the way HelixPlayer<br>handled RuleBook structures in media files and RTSP streams.<br>Specially-crafted input could cause HelixPlayer to crash or, potentially,<br>execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)<br>A buffer overflow flaw was found in the way HelixPlayer performed URL<br>un-escaping. A specially-crafted URL string could cause HelixPlayer to<br>crash or, potentially, execute arbitrary code. (CVE-2010-0416)<br>All HelixPlayer users are advised to upgrade to this updated package,<br>which contains backported patches to resolve these issues. All running<br>instances of HelixPlayer must be restarted for this update to take effect.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Helix Player |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561309
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561338
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561361
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561436
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561441
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561856
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=561860
- http://www.redhat.com/security/updates/classification/#critical
- https://access.redhat.com/errata/RHSA-2010:0094 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2010:0094?
The severity of RHSA-2010:0094 is classified as moderate due to the potential for crashes and exploitation.
How do I fix RHSA-2010:0094?
To fix RHSA-2010:0094, update HelixPlayer to the latest version provided by RealNetworks.
What vulnerabilities are addressed in RHSA-2010:0094?
RHSA-2010:0094 addresses multiple buffer and integer overflow vulnerabilities in HelixPlayer.
Who is affected by RHSA-2010:0094?
Users of HelixPlayer are affected by RHSA-2010:0094, particularly those processing GIF files.
What can happen if RHSA-2010:0094 is exploited?
If exploited, RHSA-2010:0094 can cause HelixPlayer to crash or lead to potential remote code execution.
- agent/severity
- agent/weakness
- agent/type
- agent/event
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0094
- agent/first-publish-date
- agent/trending
- agent/title
- agent/references
- agent/remedy
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/realnetworks
- canonical/helix player