Buffer overflow in Realnetworks Realplayer

CVE-2014-3113

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.

Vulnerability class: Buffer Overflow

EPSS: 0.122 (94.0th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Realplayer — versions 17.0.4.60
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_MISC)
1030524 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
59238 (x_refsource_SECUNIA, third-party-advisory)