Bug 245836 (CVE-2007-3410)

Summary: CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: caillon
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-10-26 08:11:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 245838, 245839, 245840, 245841, 245842, 245843, 245844, 245845, 245846, 245848, 245850    
Bug Blocks:    
Attachments:
Description Flags
Patch created by Chris Aillon none

Description Josh Bressers 2007-06-26 23:27:04 UTC
A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer
handle the wallclock variable in Synchronized Multimedia Integration Language
(SMIL) files.

More information regarding this flaw can be found here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547

Comment 5 Mark J. Cox 2007-06-27 08:54:46 UTC
Note the latest realplayer for Linux from real.com, version 10.0.8.805
segfaults using the reproducer.

Comment 8 Josh Bressers 2007-06-27 14:21:31 UTC
Created attachment 158016 [details]
Patch created by Chris Aillon

Comment 9 Mark J. Cox 2007-07-16 13:25:45 UTC
still no update from Real, 10.0.8.805 is latest available

Comment 10 Mark J. Cox 2007-08-01 09:10:20 UTC
still no update from Real, 10.0.8.805 is latest available on their site

Comment 12 Mark J. Cox 2007-08-17 08:09:49 UTC
The Real security page hasn't been updated with the new build, but if you visit
www.real.com and download the Linux version you get 10.0.9.809 and the version
release notes include:

  What's New in 10.0.9.809

    Security bugs fixes.

That's good enough for me, pushing update RHSA-2007:0841

Comment 13 Tomas Hoger 2007-10-26 08:11:23 UTC
Fix was now publicly announced by RealNetworks:

http://service.real.com/realplayer/security/10252007_player/en/

Vulnerability 3:
The identified vulnerability is a malicious SMIL file which could cause a buffer
overflow in the RealPlayer. CVE-2007-3410