Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4242 to the following vulnerability:

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.

References:
http://service.real.com/realplayer/security/01192010_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
http://www.securityfocus.com/archive/1/509096/100/0/threaded
http://xforce.iss.net/xforce/xfdb/55795
According to upstream, this should be:
http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008633.html
https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.8
This issue has been addressed in the following products:

Red Hat Enterprise Linux 4

Via RHSA-2010:0094 https://rhn.redhat.com/errata/RHSA-2010-0094.html
Note that we've set the public= date to September 2008 because that was the date of the commit that mentioned this as a security issue, even though the advisories and disclosures did not happen until Jan 2010.