CVE-2003-0141

Description

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.

Affected products

RealNetworks / realone_enterprise_desktop6.0.11.774 – 6.0.11.774
RealNetworks / realone_player2.0 – 2.0
RealNetworks / realone_player6.0.10.505 – 6.0.10.505
RealNetworks / realone_player6.0.11.818 – 6.0.11.818
RealNetworks / realone_player6.0.11.830 – 6.0.11.830
RealNetworks / realone_player6.0.11.841 – 6.0.11.841
RealNetworks / realone_player6.0.11.853 – 6.0.11.853
RealNetworks / realone_player9.0.0.288 – 9.0.0.288
RealNetworks / realone_player9.0.0.297 – 9.0.0.297
RealNetworks / realplayer8.0 – 8.0

References

MISChttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html
MISChttp://www.securityfocus.com/bid/7177
MAILING_LISThttp://marc.info/?l=bugtraq&m=104887465427579&w=2
MISChttp://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10
MISChttp://www.kb.cert.org/vuls/id/705761