blob: 1d2e094751e46f651be4561fd824b8566d165b88 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200507-04">
<title>RealPlayer: Heap overflow vulnerability</title>
RealPlayer is vulnerable to a heap overflow that could lead to remote
execution of arbitrary code.
<product type="ebuild">realplayer</product>
<announced>July 06, 2005</announced>
<revised>July 06, 2005: 01</revised>
<package name="media-video/realplayer" auto="yes" arch="*">
<unaffected range="ge">10.0.5</unaffected>
<vulnerable range="lt">10.0.5</vulnerable>
RealPlayer is a multimedia player capable of handling multiple
multimedia file formats.
RealPlayer is vulnerable to a heap overflow when opening RealMedia
files which make use of RealText.
<impact type="normal">
By enticing a user to play a specially crafted RealMedia file an
attacker could execute arbitrary code with the permissions of the user
running the application.
There is no known workaround at this time.
All RealPlayer users should upgrade to the latest available
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/realplayer-10.0.5&quot;</code>
<uri link="">RealNetworks Security Advisory</uri>
<uri link="">CAN-2005-1766</uri>
<metadata tag="requester" timestamp="Sun, 26 Jun 2005 18:08:55 +0000">
<metadata tag="submitter" timestamp="Sun, 26 Jun 2005 18:38:32 +0000">
<metadata tag="bugReady" timestamp="Wed, 06 Jul 2005 12:36:44 +0000">