{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2010:0094", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"}, {"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"}, {"name": "ADV-2010-0178", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0178"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"}, {"name": "61969", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/61969"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"}, {"name": "1023489", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023489"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://service.real.com/realplayer/security/01192010_player/en/"}, {"name": "38450", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38450"}, {"name": "oval:org.mitre.oval:def:9998", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"}, {"name": "38218", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38218"}, {"name": "realplayer-gifimage-bo(55800)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"}, {"name": "37880", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37880"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4245", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2010:0094", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"}, {"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "refsource": "MLIST", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"}, {"name": "ADV-2010-0178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0178"}, {"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"}, {"name": "61969", "refsource": "OSVDB", "url": "http://osvdb.org/61969"}, {"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"}, {"name": "1023489", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023489"}, {"name": "http://service.real.com/realplayer/security/01192010_player/en/", "refsource": "CONFIRM", "url": "http://service.real.com/realplayer/security/01192010_player/en/"}, {"name": "38450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38450"}, {"name": "oval:org.mitre.oval:def:9998", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"}, {"name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5", "refsource": "CONFIRM", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"}, {"name": "38218", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38218"}, {"name": "realplayer-gifimage-bo(55800)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"}, {"name": "37880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37880"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:54:10.237Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2010:0094", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"}, {"name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"}, {"name": "ADV-2010-0178", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0178"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"}, {"name": "61969", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/61969"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"}, {"name": "1023489", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023489"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://service.real.com/realplayer/security/01192010_player/en/"}, {"name": "38450", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38450"}, {"name": "oval:org.mitre.oval:def:9998", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"}, {"name": "38218", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38218"}, {"name": "realplayer-gifimage-bo(55800)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"}, {"name": "37880", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37880"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4245", "datePublished": "2010-01-25T19:00:00", "dateReserved": "2009-12-09T00:00:00", "dateUpdated": "2024-08-07T06:54:10.237Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "348F3214-E5C2-4D39-916F-1B0263D13F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "F948D474-2380-482C-8A63-88984AC2A86B", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CD49D16C-B0AC-4228-9984-010661596232", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F1D2A323-5614-4569-AFE5-49CB99ACA279", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "74F2CA71-BD09-451C-931C-433024B6BF87", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD002505-9F93-4243-BCF9-89421FDB7C0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "94D7BB02-13EA-4F39-B751-DDF9AB50F868", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*", "matchCriteriaId": "63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*", "matchCriteriaId": "C9C8FE03-BB75-4F67-ADE4-891B6B956018", "vulnerable": true}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*", "matchCriteriaId": "A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen GIF comprimida."}], "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/", "id": "CVE-2009-4245", "lastModified": "2017-09-19T01:29:56.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-01-25T19:30:01.433", "references": [{"source": "cve@mitre.org", "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/61969"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38218"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/38450"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1023489"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://service.real.com/realplayer/security/01192010_player/en/"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37880"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0178"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"}, {"source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"}, {"source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"}, {"source": "cve@mitre.org", "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0094", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "HelixPlayer-1:1.0.6-1.el4_8.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-02-09T00:00:00Z"}], "bugzilla": {"description": "RealPlayer: compressed GIF heap overflow", "id": "561441", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."], "name": "CVE-2009-4245", "public_date": "2008-07-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-4245\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-4245"], "threat_severity": "Critical"}