cbcvebase.

Realnetworks Realplayer vulnerabilities

167 known vulnerabilities affecting realnetworks/realplayer.

Total CVEs
167
CISA KEV
0
Public exploits
24
Exploited in wild
1
Severity breakdown
CRITICAL118HIGH13MEDIUM32LOW4

Vulnerabilities

Page 5 of 9
CVE-2010-0116P3CRITICALCVSS 9.3v11.0v11.12010-08-30
CVE-2010-0116 [CRITICAL] CWE-189 CVE-2010-0116: Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
nvd
CVE-2011-4244P3CRITICALCVSS 10.0≤ 14.0.7v4+28 more2011-11-24
CVE-2011-4244 [CRITICAL] CWE-119 CVE-2011-4244: Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2011-2951P3CRITICALCVSS 9.3v11.0v11.1+7 more2011-08-18
CVE-2011-2951 [CRITICAL] CWE-119 CVE-2011-2951: Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer S Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
nvd
CVE-2008-3066P3CRITICALCVSS 9.3v10.0v10.52008-07-28
CVE-2008-3066 [CRITICAL] CWE-119 CVE-2008-3066: Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer En Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
nvd
CVE-2011-4252P3CRITICALCVSS 9.3≤ 12.0.0.1701v7.0+35 more2011-11-24
CVE-2011-4252 [CRITICAL] CWE-94 CVE-2011-4252: The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
nvd
CVE-2011-2954P3CRITICALCVSS 9.3v11.0v11.1+6 more2011-08-18
CVE-2011-2954 [CRITICAL] CWE-399 CVE-2011-2954: Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
nvd
CVE-2010-4394P3CRITICALCVSS 9.3v11.0v11.0.1+5 more2010-12-14
CVE-2010-4394 [CRITICAL] CWE-119 CVE-2010-4394: Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 throug Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.
nvd
CVE-2007-4599P3CRITICALCVSS 9.3v10.0v10.52007-10-31
CVE-2007-4599 [CRITICAL] CWE-119 CVE-2007-4599: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 an Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
nvd
CVE-2007-2263P3CRITICALCVSS 9.3v10.0v10.1+1 more2007-10-31
CVE-2007-2263 [CRITICAL] CWE-119 CVE-2007-2263: Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
nvd
CVE-2022-32291P3HIGHCVSS 8.8≤ 20.1.0.3122022-06-05
CVE-2022-32291 [HIGH] CVE-2022-32291: In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathn In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
nvd
CVE-2010-4378P3CRITICALCVSS 9.3v11.0v11.0.1+8 more2010-12-14
CVE-2010-4378 [CRITICAL] CWE-119 CVE-2010-4378: The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlaye The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via
nvd
CVE-2009-4243P3CRITICALCVSS 9.3v10.0v10.5+8 more2010-01-25
CVE-2009-4243 [CRITICAL] CWE-119 CVE-2009-4243: RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 th RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
nvd
CVE-2010-4382P3CRITICALCVSS 9.3v11.0v11.0.1+7 more2010-12-14
CVE-2010-4382 [CRITICAL] CWE-119 CVE-2010-4382: Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file.
nvd
CVE-2011-4259P3CRITICALCVSS 9.3≤ 14.0.7v4+28 more2011-11-24
CVE-2011-4259 [CRITICAL] CWE-189 CVE-2011-4259: Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitr Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.
nvd
CVE-2007-2264P3CRITICALCVSS 9.3v8.0v10.0+2 more2007-10-31
CVE-2007-2264 [CRITICAL] CWE-119 CVE-2007-2264: Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
nvd
CVE-2011-4245P3CRITICALCVSS 10.0≤ 12.0.0.1701v7.0+35 more2011-11-24
CVE-2011-4245 [CRITICAL] CWE-119 CVE-2011-4245: The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.170 The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2011-4246P3CRITICALCVSS 10.0≤ 12.0.0.1701v7.0+35 more2011-11-24
CVE-2011-4246 [CRITICAL] CWE-119 CVE-2011-4246: The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
nvd
CVE-2004-1094P3CRITICALCVSS 10.0v10.0v10.0_6.0.12.690+5 more2005-01-10
CVE-2004-1094 [CRITICAL] CVE-2004-1094: Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote at Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark
nvd
CVE-2012-2411P3CRITICALCVSS 9.3≤ 15.0.4v4+29 more2012-05-18
CVE-2012-2411 [CRITICAL] CWE-119 CVE-2012-2411: Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, al Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.
nvd
CVE-2010-3748P3CRITICALCVSS 10.0v11.0v11.0.1+6 more2010-10-19
CVE-2010-3748 [CRITICAL] CWE-119 CVE-2010-3748: Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, Re Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors.
nvd
Realnetworks Realplayer vulnerabilities | cvebase