SciLinux: CVE-2009-4242 Critical: HelixPlayer SL4.x i386/x86_64
Summary
Multiple buffer and integer overflow flaws were found in the way HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker could create a specially-crafted GIF file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242, CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. An attacker could create a specially-crafted SMIL file which would cause HelixPlayer to crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP server could use this flaw to crash HelixPlayer or, potentially, execute arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer handled RuleBook structures in media files and RTSP streams. Specially-crafted input could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL un-escaping. A specially-crafted URL string could cause HelixPlayer to crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All running instances of HelixPlayer must be restarted for this update to take effect.