FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
25858c37-bdab-11da-b7d4-00123ffe8333linux-realplayer -- buffer overrun

Secunia Advisories Reports:

A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.7.785.20060201

CVE-2006-0323
http://service.real.com/realplayer/security/03162006_player/en/
http://secunia.com/advisories/19358/
fe4c84fc-bdb5-11da-b7d4-00123ffe8333linux-realplayer -- heap overflow

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.

In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.6

CVE-2005-2922
http://service.real.com/realplayer/security/03162006_player/en/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
http://secunia.com/advisories/19358/
fe4c84fc-bdb5-11da-b7d4-00123ffe8333linux-realplayer -- heap overflow

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.

In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.6

CVE-2005-2922
http://service.real.com/realplayer/security/03162006_player/en/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
http://secunia.com/advisories/19358/
25858c37-bdab-11da-b7d4-00123ffe8333linux-realplayer -- buffer overrun

Secunia Advisories Reports:

A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.7.785.20060201

CVE-2006-0323
http://service.real.com/realplayer/security/03162006_player/en/
http://secunia.com/advisories/19358/
f762ccbb-baed-11dc-a302-000102cc8983linux-realplayer -- multiple vulnerabilities

Secunia reports:

Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.

An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.

An error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.

An input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.

A boundary error when processing rm files can be exploited to cause a buffer overflow.


Discovery 2007-10-25
Entry 2008-01-04
linux-realplayer
ge 10.0.5 lt 10.0.9.809.20070726

CVE-2007-5081
CVE-2007-3410
CVE-2007-2263
CVE-2007-2264
http://secunia.com/advisories/27361
http://service.real.com/realplayer/security/10252007_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
http://secunia.com/advisories/25819/
759385
f762ccbb-baed-11dc-a302-000102cc8983linux-realplayer -- multiple vulnerabilities

Secunia reports:

Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.

An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.

An error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.

An input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.

A boundary error when processing rm files can be exploited to cause a buffer overflow.


Discovery 2007-10-25
Entry 2008-01-04
linux-realplayer
ge 10.0.5 lt 10.0.9.809.20070726

CVE-2007-5081
CVE-2007-3410
CVE-2007-2263
CVE-2007-2264
http://secunia.com/advisories/27361
http://service.real.com/realplayer/security/10252007_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
http://secunia.com/advisories/25819/
759385