cbcvebase.

Realnetworks Realplayer vulnerabilities

167 known vulnerabilities affecting realnetworks/realplayer.

Total CVEs
167
CISA KEV
0
Public exploits
24
Exploited in wild
1
Severity breakdown
CRITICAL118HIGH13MEDIUM32LOW4

Vulnerabilities

Page 2 of 9
CVE-2009-4242P3CRITICALCVSS 9.3v10.0v10.5+8 more2010-01-25
CVE-2009-4242 [CRITICAL] CWE-119 CVE-2009-4242: Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/g Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attacke
nvd
CVE-2007-2497P4HIGHCVSS 7.8PoC≤ 10.02007-05-04
CVE-2007-2497 [HIGH] CVE-2007-2497: RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consump RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
nvd
CVE-2014-3113P3CRITICALCVSS 9.3≤ 17.0.8.22v17.0.4.602014-07-07
CVE-2014-3113 [CRITICAL] CWE-119 CVE-2014-3113: Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to exec Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
nvd
CVE-2012-0923P3CRITICALCVSS 9.3v14.0.0v14.0.1+21 more2012-02-08
CVE-2012-0923 [CRITICAL] CWE-94 CVE-2012-0923: The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1. The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.
nvd
CVE-2009-4257P3CRITICALCVSS 9.3v10.0v10.5+8 more2010-01-25
CVE-2009-4257 [CRITICAL] CWE-119 CVE-2009-4257: Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealP Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbi
nvd
CVE-2009-4244P3CRITICALCVSS 9.3v10.0v10.5+8 more2010-01-25
CVE-2009-4244 [CRITICAL] CWE-119 CVE-2009-4244: Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12 Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that t
nvd
CVE-2010-2996P3CRITICALCVSS 9.3v11.0v11.12010-08-30
CVE-2010-2996 [CRITICAL] CWE-94 CVE-2010-2996: Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
nvd
CVE-2011-4253P3CRITICALCVSS 10.0≤ 12.0.0.1701v7.0+35 more2011-11-24
CVE-2011-4253 [CRITICAL] CVE-2011-4253: Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPla Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2011-4250P3CRITICALCVSS 10.0≤ 12.0.0.1701v7.0+35 more2011-11-24
CVE-2011-4250 [CRITICAL] CVE-2011-4250: Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPla Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
nvd
CVE-2010-4384P3CRITICALCVSS 9.3v11.0v11.0.1+7 more2010-12-14
CVE-2010-4384 [CRITICAL] CWE-20 CVE-2010-4384: Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac Rea Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file.
nvd
CVE-2011-1426P3CRITICALCVSS 9.3v11.0v11.1+3 more2011-04-18
CVE-2011-1426 [CRITICAL] CVE-2011-1426: The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 1 The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.
nvd
CVE-2012-0926P3CRITICALCVSS 9.3v14.0.0v14.0.1+21 more2012-02-08
CVE-2012-0926 [CRITICAL] CWE-94 CVE-2012-0926: The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1. The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.
nvd
CVE-2012-0924P3CRITICALCVSS 9.3v14.0.0v14.0.1+21 more2012-02-08
CVE-2012-0924 [CRITICAL] CWE-94 CVE-2012-0924: RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, a RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.
nvd
CVE-2012-0927P3CRITICALCVSS 9.3v14.0.0v14.0.1+21 more2012-02-08
CVE-2012-0927 [CRITICAL] CWE-94 CVE-2012-0927: Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealP Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.
nvd
CVE-2022-32271P3CRITICALCVSS 9.6v20.0.8.3102022-06-03
CVE-2022-32271 [CRITICAL] CWE-79 CVE-2022-32271: In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
nvd
CVE-2010-4395P3CRITICALCVSS 9.3v11.0v11.0.1+6 more2010-12-14
CVE-2010-4395 [CRITICAL] CWE-119 CVE-2010-4395: Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1 Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data.
nvd
CVE-2011-0694P3CRITICALCVSS 9.3v11.0v11.1+7 more2011-02-21
CVE-2011-0694 [CRITICAL] CVE-2011-0694: RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Ente RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
nvd
CVE-2010-0117P3CRITICALCVSS 9.3v11.0v11.12010-08-30
CVE-2010-0117 [CRITICAL] CVE-2010-0117: RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not prop RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
nvd
CVE-2011-2953P3CRITICALCVSS 10.0v11.0v11.1+12 more2011-08-18
CVE-2011-2953 [CRITICAL] CWE-119 CVE-2011-2953: An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 an An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
nvd
CVE-2012-2406P3CRITICALCVSS 9.3≤ 15.0.4v4+29 more2012-05-18
CVE-2012-2406 [CRITICAL] CVE-2012-2406: RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly par RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
nvd
Realnetworks Realplayer vulnerabilities | cvebase