245836 – (CVE-2007-3410) CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow

Bug 245836 (CVE-2007-3410) - CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow

Summary: CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2007-3410
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	245838 245839 245840 245841 245842 245843 245844 245845 245846 245848 245850
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-26 23:27 UTC by Josh Bressers
Modified:	2019-09-29 12:20 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-10-26 08:11:23 UTC
Embargoed:

Attachments	(Terms of Use)
Patch created by Chris Aillon (3.69 KB, patch) 2007-06-27 14:21 UTC, Josh Bressers	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0605	0	normal	SHIPPED_LIVE	Critical: HelixPlayer security update	2008-01-07 22:19:11 UTC
Red Hat Product Errata	RHSA-2007:0841	0	normal	SHIPPED_LIVE	Critical: RealPlayer security update	2007-08-17 08:11:11 UTC

Description Josh Bressers 2007-06-26 23:27:04 UTC

A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer
handle the wallclock variable in Synchronized Multimedia Integration Language
(SMIL) files.

More information regarding this flaw can be found here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547

Comment 5 Mark J. Cox 2007-06-27 08:54:46 UTC

Note the latest realplayer for Linux from real.com, version 10.0.8.805
segfaults using the reproducer.

Comment 8 Josh Bressers 2007-06-27 14:21:31 UTC

Created attachment 158016 [details]
Patch created by Chris Aillon

Comment 9 Mark J. Cox 2007-07-16 13:25:45 UTC

still no update from Real, 10.0.8.805 is latest available

Comment 10 Mark J. Cox 2007-08-01 09:10:20 UTC

still no update from Real, 10.0.8.805 is latest available on their site

Comment 12 Mark J. Cox 2007-08-17 08:09:49 UTC

The Real security page hasn't been updated with the new build, but if you visit
www.real.com and download the Linux version you get 10.0.9.809 and the version
release notes include:

  What's New in 10.0.9.809

    Security bugs fixes.

That's good enough for me, pushing update RHSA-2007:0841

Comment 13 Tomas Hoger 2007-10-26 08:11:23 UTC

Fix was now publicly announced by RealNetworks:

http://service.real.com/realplayer/security/10252007_player/en/

Vulnerability 3:
The identified vulnerability is a malicious SMIL file which could cause a buffer
overflow in the RealPlayer. CVE-2007-3410

Note You need to log in before you can comment on or make changes to this bug.