Red Hat Bugzilla – Bug 559995
HelixPlayer / RealPlayer: multiple security issues (01192010_player)
Last modified: 2010-02-09 04:09:19 EST
RealNetworks has published a security advisory mentioning 11 security issues affecting various RealPlayer / HelixPlayer versions:
Upstream advisory does not specify which issues should be applicable to HelixPlayer 1.0.x versions (Affected? By various).
Some of the issues are covered by 3rd party advisories (e.g. ZDI) listed below.
1. The identified vulnerability is a RealPlayer ASM Rulebook heap-based buffer overflow: CVE-2009-4241
2. The identified vulnerability is a RealPlayer GIF file Heap Overflow: CVE-2009-4242
3. The identified vulnerability is a RealPlayer media Overflow (http chunk encoding): CVE-2009-4243
4. The identified vulnerability is a RealPlayer IVR file processing buffer overflow: CVE-2009-0375
5. The identified vulnerability is a RealPlayer IVR file Heap overflow: CVE-2009-0376
   http://www.fortiguard.com/advisory/FGA-2009-04.html (0375, 0376)
6. The identified vulnerability is a RealPlayer SIPR Codec Heap Overflow: CVE-2009-4244
7. The identified vulnerability is a RealPlayer compressed GIF Heap Overflow: CVE-2009-4245
8. The identified vulnerability is a RealPlayer SMIL Parsing Heap Overflow Vulnerability: CVE-2009-4257
9. The identified vulnerability is a RealPlayer Skin Parsing Stack Overflow Vulnerability: CVE-2009-4246
10. The identified vulnerability is a RealPlayer ASM RuleBook Array Overflow: CVE-2009-4247
11. The identified vulnerability is a RealPlayer rtsp set_parameter buffer overflow: CVE-2009-4248
Some of the issues affect proprietary codecs / file formats that are only supported by RealPlayer or RealPlayer on certain platforms (IVR CVE-2009-0375, CVE-2009-0376; SIPR CVE-2009-4244).
Linux versions of RealPlayer and Helix Player don't seem to support skins (CVE-2009-4246).
RealNetworks confirmed that vulnerabilities 4, 5, 6 and 9 (listed in comment #1) did not affect HelixPlayer 1.x.
RealNetworks also confirmed that vulnerability 1 did not affect HelixPlayer 1.x. According to ZDI, the flaw existed in the code responsible for parsing ASMRuleBook structures in Real Media (RM) format files. The codec for the RM format is not included with HelixPlayer.
Remaining vulnerabilities 2, 3, 7, 8, 10, and 11 are tracked via separate bugs:
bug #561436 - GIF file heap overflow
bug #561388 - HTTP chunk encoding overflow
bug #561441 - compressed GIF heap overflow
bug #561309 - SMIL getAtom heap buffer overflow
bug #561338 - RTSP client ASM RuleBook stack buffer overflow
bug #561361 - RTSP SET_PARAMETER buffer overflow
While collecting patches for those issues, two additional older security fixes were spotted in the upstream CVS:
bug #561856 - URL unescape buffer overflow
bug #561860 - rule book handling heap corruption
Closing this one, all relevant issues are tracked via separate bugs.