RealNetworks product security updates
This page provides product updates and security enhancements, including bug fixes for certain RealNetworks software products. If you have installed a product version listed below, we recommend you update to the latest version, which can be downloaded and installed from www.real.com. There is no charge for these updates, as they provide important bug fixes and security enhancements.
The updates also contain security enhancements to address certain issues that could affect the operation of your product or machine. At this time, we have not received any reports of any machines being compromised by any potential security vulnerabilities.
As a good security practice, we recommend that our customers make sure they are running the current version of our software. We will release security updates from time to time, and having the current software version should improve the security of your system.
Update: December 20, 2016
Current Software
The current versions of our Player software are not affected by these vulnerabilities.
| Software | Operating System | Languages |
| --- | --- | --- |
| RealPlayer HD 16.0.6.3; RealPlayer 16.0.5.18 | Windows XP and up | All Released |
| RealPlayer 18.1.6.161 | Windows 7 and up | All Released |
Affected Software
CVE-2016-9931 - Possible Buffer Overflow caused when playing a malformed MP4 with a specifically crafted elst atom with overly large 'stsz' atom size.
- Affected software: RealPlayer HD 16.0.6.2; RealPlayer 16 16.0.4.19
- Fixed in: RealPlayer HD 16.0.6.3 and RealPlayer 16 v16.0.5.18
Credit to jiaxiangkun and niechujiang from TCA lab of ISCAS for reporting this issue.
CVE-2016-9930 - Potential "DLL hijacking" attack: RealPlayer requests Windows to load a DLL by name using the standard Windows DLL load search order. If you start RealPlayer from the directory where a malicious DLL with the same name is placed, the malicious DLL could be loaded instead.
- Affected software: RealPlayer 18 v18.1.4.135
- Fixed in: RealPlayer 18 v18.1.5.694
Credit to Ki-yong Kwak for reporting this issue.
CVE-2016-9929 - Possible Buffer Overflow caused when playing a specifically crafted MP4 file with the "Sample Size" member of a 'stsz' structure having an overly long size value.
- Affected software: RealPlayer 18 v18.1.5.705
- Fixed in: RealPlayer 18 v18.1.6.161
Credit to Chris Navarrete and Xiaopeng Zhang of Fortinet's FortiGuard Labs for reporting this issue.
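CVE-2016-9931 and CVE-2016-9929 above both involve an 'stsz' size field taken from the file. The following is an added example, not RealNetworks code, of validating an 'stsz' box before any of its declared sizes are used. The box layout follows ISO/IEC 14496-12; the function name, status codes and the MAX_SAMPLE_BYTES limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical policy limit: largest single sample the player will buffer. */
#define MAX_SAMPLE_BYTES (16u * 1024u * 1024u)

enum stsz_status { STSZ_OK = 0, STSZ_TRUNCATED, STSZ_BAD_TYPE,
                   STSZ_BAD_BOX_SIZE, STSZ_BAD_COUNT, STSZ_SAMPLE_TOO_LARGE };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate one 'stsz' box located at buf[0..len). media_len is the number of
 * bytes of sample data actually present in the file. On success, *max_sample
 * is the largest sample size the table declares. */
enum stsz_status stsz_validate(const uint8_t *buf, size_t len,
                               uint64_t media_len, uint32_t *max_sample) {
    if (len < 20) return STSZ_TRUNCATED;       /* box header + fixed fields */
    uint32_t box_size = be32(buf);
    if (memcmp(buf + 4, "stsz", 4) != 0) return STSZ_BAD_TYPE;
    /* Also rejects the special sizes 0 and 1, which this check does not handle. */
    if (box_size < 20 || box_size > len) return STSZ_BAD_BOX_SIZE;
    uint32_t sample_size = be32(buf + 12);     /* 0 means a per-sample table follows */
    uint32_t sample_count = be32(buf + 16);
    uint32_t largest = sample_size;
    uint64_t total = (uint64_t)sample_size * sample_count;
    if (sample_size == 0) {
        /* Divide instead of multiplying so the check itself cannot overflow. */
        if (sample_count > (box_size - 20) / 4) return STSZ_BAD_COUNT;
        total = 0;
        for (uint32_t i = 0; i < sample_count; i++) {
            uint32_t s = be32(buf + 20 + (size_t)i * 4);
            if (s > largest) largest = s;
            total += s;
        }
    }
    /* Reject declared sizes before any buffer is sized or filled from them. */
    if (largest > MAX_SAMPLE_BYTES || total > media_len)
        return STSZ_SAMPLE_TOO_LARGE;
    *max_sample = largest;
    return STSZ_OK;
}
```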
Update: June 27, 2014
Current Software
The current versions of our Player software are not affected by these vulnerabilities.
| Software | Operating System | Languages |
| --- | --- | --- |
| RealPlayer 17.0.10.8 | Windows 7 up | All Released |
| Mac RealPlayer 12.0.1.1738 | Mac OS X 10.3 - 10.8.2 | All Released |
Affected Software
The table below contains a summary of previous and current versions of the RealPlayer software that are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved.
| CVE Number | Windows RealPlayer 17.0.10.8 | All Previous Versions | Mac | All Previous Versions |
| --- | --- | --- | --- | --- |
| CVE-2014-3113 | | X | | |
CVE-2014-3113 - Buffer overflow caused by corrupt index type or incorrect media sample size when playing a malformed MP4.
Affected software: Windows RealPlayer 17.0.8.22 and prior.
Credit to Dehui Yin of Fortinet's FortiGuard Labs for reporting this issue.
Warranty:
RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.