CVE-2009-4245 (GCVE-0-2009-4245)

Vulnerability from cvelistv5 – Published: 2010-01-25 19:00 – Updated: 2024-08-07 06:54
VLAI?
Summary
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:54:10.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2010:0094",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
          },
          {
            "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
          },
          {
            "name": "ADV-2010-0178",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0178"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
          },
          {
            "name": "61969",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/61969"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
          },
          {
            "name": "1023489",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023489"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://service.real.com/realplayer/security/01192010_player/en/"
          },
          {
            "name": "38450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38450"
          },
          {
            "name": "oval:org.mitre.oval:def:9998",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
          },
          {
            "name": "38218",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38218"
          },
          {
            "name": "realplayer-gifimage-bo(55800)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
          },
          {
            "name": "37880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37880"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2010:0094",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
        },
        {
          "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
        },
        {
          "name": "ADV-2010-0178",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0178"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
        },
        {
          "name": "61969",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/61969"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
        },
        {
          "name": "1023489",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023489"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://service.real.com/realplayer/security/01192010_player/en/"
        },
        {
          "name": "38450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38450"
        },
        {
          "name": "oval:org.mitre.oval:def:9998",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
        },
        {
          "name": "38218",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38218"
        },
        {
          "name": "realplayer-gifimage-bo(55800)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
        },
        {
          "name": "37880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37880"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4245",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2010:0094",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0094.html"
            },
            {
              "name": "[datatype-cvs] 20080722 image/gif/common gifcodec.cpp, 1.6, 1.7 gifimage.cpp, 1.5, 1.6",
              "refsource": "MLIST",
              "url": "http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html"
            },
            {
              "name": "ADV-2010-0178",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0178"
            },
            {
              "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7",
              "refsource": "CONFIRM",
              "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7"
            },
            {
              "name": "61969",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/61969"
            },
            {
              "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6",
              "refsource": "CONFIRM",
              "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6"
            },
            {
              "name": "1023489",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023489"
            },
            {
              "name": "http://service.real.com/realplayer/security/01192010_player/en/",
              "refsource": "CONFIRM",
              "url": "http://service.real.com/realplayer/security/01192010_player/en/"
            },
            {
              "name": "38450",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38450"
            },
            {
              "name": "oval:org.mitre.oval:def:9998",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998"
            },
            {
              "name": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5",
              "refsource": "CONFIRM",
              "url": "https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5"
            },
            {
              "name": "38218",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38218"
            },
            {
              "name": "realplayer-gifimage-bo(55800)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55800"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=561441",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561441"
            },
            {
              "name": "37880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37880"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4245",
    "datePublished": "2010-01-25T19:00:00",
    "dateReserved": "2009-12-09T00:00:00",
    "dateUpdated": "2024-08-07T06:54:10.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD49D16C-B0AC-4228-9984-010661596232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"348F3214-E5C2-4D39-916F-1B0263D13F40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F826B276-91E6-495E-B429-51B1C5ECB146\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A732E6C-108F-447F-98B1-EA774A0537EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F948D474-2380-482C-8A63-88984AC2A86B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD49D16C-B0AC-4228-9984-010661596232\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1D2A323-5614-4569-AFE5-49CB99ACA279\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74F2CA71-BD09-451C-931C-433024B6BF87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD002505-9F93-4243-BCF9-89421FDB7C0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D7BB02-13EA-4F39-B751-DDF9AB50F868\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"C9C8FE03-BB75-4F67-ADE4-891B6B956018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*\", \"matchCriteriaId\": \"A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en memoria din\\u00e1mica  en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\\u00e9s de una imagen GIF comprimida.\"}]",
      "evaluatorComment": "Specific affected release information can be found from RealNetworks at: \r\n\r\nhttp://service.real.com/realplayer/security/01192010_player/en/",
      "id": "CVE-2009-4245",
      "lastModified": "2024-11-21T01:09:14.347",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-01-25T19:30:01.433",
      "references": "[{\"url\": \"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/61969\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/38218\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/38450\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1023489\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://service.real.com/realplayer/security/01192010_player/en/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0094.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/37880\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0178\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=561441\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/61969\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38218\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/38450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1023489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://service.real.com/realplayer/security/01192010_player/en/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0094.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/37880\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0178\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=561441\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4245\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-01-25T19:30:01.433\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica  en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de una imagen GIF comprimida.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348F3214-E5C2-4D39-916F-1B0263D13F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11B7CB5F-ACFA-439B-A9B7-54DA402A6029\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A681B8-62F1-4B23-9E0B-39C61BE72F44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F826B276-91E6-495E-B429-51B1C5ECB146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A732E6C-108F-447F-98B1-EA774A0537EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F948D474-2380-482C-8A63-88984AC2A86B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD49D16C-B0AC-4228-9984-010661596232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1D2A323-5614-4569-AFE5-49CB99ACA279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8985B3B-BCC9-431D-9788-0C1949DF46E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C7517C2-71A8-4223-9F9A-2FE5A2153B53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74F2CA71-BD09-451C-931C-433024B6BF87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD002505-9F93-4243-BCF9-89421FDB7C0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D7BB02-13EA-4F39-B751-DDF9AB50F868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"63F83DBE-F01B-4D6B-9CC4-D5170C2C1D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"C9C8FE03-BB75-4F67-ADE4-891B6B956018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*\",\"matchCriteriaId\":\"A1577DE0-6C52-4BE6-8E5F-D90B2DAE8BD2\"}]}]}],\"references\":[{\"url\":\"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/61969\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561441\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/61969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38218\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://service.real.com/realplayer/security/01192010_player/en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0094.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37880\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0178\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=561441\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifcodec.cpp?view=log#rev1.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/gifimage.cpp?view=log#rev1.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helixcommunity.org/viewcvs/datatype/image/gif/common/pub/gifcodec.h?view=log#rev1.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9998\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Specific affected release information can be found from RealNetworks at: \\r\\n\\r\\nhttp://service.real.com/realplayer/security/01192010_player/en/\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.