Bug 245836 - (CVE-2007-3410) CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow
CVE-2007-3410 RealPlayer/HelixPlayer buffer overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
urgent Severity urgent
: ---
: ---
Assigned To: Red Hat Product Security
impact=critical,source=internet,repor...
: Security
Depends On: 245838 245839 245840 245841 245842 245843 245844 245845 245846 245848 245850
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-26 19:27 EDT by Josh Bressers
Modified: 2007-10-26 04:11 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-26 04:11:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch created by Chris Aillon (3.69 KB, patch)
2007-06-27 10:21 EDT, Josh Bressers
no flags Details | Diff

  None (edit)
Description Josh Bressers 2007-06-26 19:27:04 EDT
A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer
handle the wallclock variable in Synchronized Multimedia Integration Language
(SMIL) files.

More information regarding this flaw can be found here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
Comment 5 Mark J. Cox (Product Security) 2007-06-27 04:54:46 EDT
Note the latest realplayer for Linux from real.com, version 10.0.8.805
segfaults using the reproducer.
Comment 8 Josh Bressers 2007-06-27 10:21:31 EDT
Created attachment 158016 [details]
Patch created by Chris Aillon
Comment 9 Mark J. Cox (Product Security) 2007-07-16 09:25:45 EDT
still no update from Real, 10.0.8.805 is latest available
Comment 10 Mark J. Cox (Product Security) 2007-08-01 05:10:20 EDT
still no update from Real, 10.0.8.805 is latest available on their site
Comment 12 Mark J. Cox (Product Security) 2007-08-17 04:09:49 EDT
The Real security page hasn't been updated with the new build, but if you visit
www.real.com and download the Linux version you get 10.0.9.809 and the version
release notes include:

  What's New in 10.0.9.809

    Security bugs fixes.

That's good enough for me, pushing update RHSA-2007:0841
Comment 13 Tomas Hoger 2007-10-26 04:11:23 EDT
Fix was now publicly announced by RealNetworks:

http://service.real.com/realplayer/security/10252007_player/en/

Vulnerability 3:
The identified vulnerability is a malicious SMIL file which could cause a buffer
overflow in the RealPlayer. CVE-2007-3410

Note You need to log in before you can comment on or make changes to this bug.