CVE-2010-4376

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.1 Mac RealPlayer versions 11.0 through 11.1 Linux RealPlayer version 11.0.2.1744

Description The issue allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Width variable of the Screen Descriptor header of a GIF87a file in an RTSP stream, specifically through the "/rtsp" API endpoint. This is a result of a heap-based buffer overflow.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For RealPlayer SP versions 1.0 through 1.1.1, update to a version outside of this range to resolve the issue. For Mac RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For Linux RealPlayer version 11.0.2.1744, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to RTSP streams that contain GIF87a files to minimize the risk of exploitation.