First published: Tue Feb 09 2010

HelixPlayer is a media player.

Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially-crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially-crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially-crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially-crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All HelixPlayer users are advised to upgrade to this updated package, which contains backported patches to resolve these issues. All running instances of HelixPlayer must be restarted for this update to take effect.