Debian Security Advisory
DSA-826-1 helix-player -- multiple vulnerabilities
- Date Reported: 29 Sep 2005
- Affected Packages: helix-player
- Security database references:
  In the Debian bugtracking system: Bug 316276, Bug 330364.
  In Mitre's CVE dictionary: CVE-2005-1766, CVE-2005-2710.
- More information:
Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.
Buffer overflow in the RealText parser could allow remote code execution via a specially crafted RealMedia file with a long RealText string.
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the image handle attribute in a RealPix (.rp) or RealText (.rt) file.
For the stable distribution (sarge), these problems have been fixed in version 1.0.4-1sarge1.
For the unstable distribution (sid), these problems have been fixed in version 1.0.6-1.
We recommend that you upgrade your helix-player package.
helix-player was distributed only on the i386 and powerpc architectures.
- Fixed in:
Debian GNU/Linux 3.1 (sarge)
- Intel IA-32:
MD5 checksums of the listed files are available in the original advisory.