
RealNetworks Product Security Updates

This page provides product updates and security enhancements, including bug fixes for certain RealNetworks software products. If you have installed a product version listed below, we recommend you update to the latest version, which can be downloaded and installed from www.real.com. There is no charge for these updates, as they provide important bug fixes and security enhancements.

The updates also contain security enhancements to address certain issues that could affect the operation of your product or machine. At this time, we have not received any reports of any machines being compromised by any potential security vulnerabilities.

As a good security practice, we recommend that customers make sure they are running the current version of our software. We will release security updates from time to time, and having the current software version should improve the security of your system.

Update: December 20, 2016

Current Software

The current versions of our Player software are not affected by these vulnerabilities.

| Software | Operating System | Languages |
|---|---|---|
| RealPlayer HD 16.0.6.3; RealPlayer 16.0.5.18 | Windows XP and up | All Released |
| RealPlayer 18.1.6.161 | Windows 7 and up | All Released |


Affected Software

CVE-2016-9931 - Possible Buffer Overflow caused when playing a malformed MP4 with a specifically crafted elst atom with overly large 'stsz' atom size.

  • Affected software: RealPlayer HD 16.0.6.2; RealPlayer 16 16.0.4.19
  • Fixed in: RealPlayer HD 16.0.6.3 and RealPlayer 16 v16.0.5.18

Credit to jiaxiangkun and niechujiang from TCA lab of ISCAS for reporting this issue.

CVE-2016-9930 - Potential "DLL hijacking" attack: RealPlayer requests Windows to load a DLL by name using the standard Windows DLL load search order. If you start RealPlayer from the directory where a malicious DLL with the same name is placed, the malicious DLL could be loaded instead.

  • Affected software: RealPlayer 18 v18.1.4.135
  • Fixed in: RealPlayer 18 v18.1.5.694

Credit to Ki-yong Kwak for reporting this issue.

CVE-2016-9929 - Possible Buffer Overflow caused when playing a specifically crafted MP4 file with the "Sample Size" member of a 'stsz' structure having an overly long size value.

  • Affected software: RealPlayer 18 v18.1.5.705
  • Fixed in: RealPlayer 18 v18.1.6.161

Credit to Chris Navarrete and Xiaopeng Zhang of Fortinet's FortiGuard Labs for reporting this issue.
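CVE-2016-9931 and CVE-2016-9929 above both involve size values in an MP4 'stsz' atom that are larger than the data can support. The C function below is an added example, not RealNetworks code and not a description of the actual fix: it shows the bounds checks a parser can apply to an 'stsz' box before using its fields. The function name, result codes, the max_sample bound and the sample bytes are assumptions of the example; the box layout is the standard ISO base media file format one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (names are this example's own). */
enum { STSZ_OK = 0, STSZ_TRUNCATED = -1, STSZ_BAD_BOX = -2,
       STSZ_BAD_COUNT = -3, STSZ_BAD_SAMPLE = -4 };

/* MP4 stores every box field as a big-endian integer. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate one 'stsz' box at buf[0..len). Layout: size(4) type(4)
 * version+flags(4) sample_size(4) sample_count(4), then sample_count 4-byte
 * entries only when sample_size == 0. max_sample is the caller's bound for
 * one sample, e.g. the file size (an assumption of this example). */
int validate_stsz(const uint8_t *buf, size_t len, uint32_t max_sample) {
    if (len < 20) return STSZ_TRUNCATED;          /* fixed header missing */
    uint32_t box_size = be32(buf);
    if (memcmp(buf + 4, "stsz", 4) != 0) return STSZ_BAD_BOX;
    if (box_size < 20 || box_size > len) return STSZ_BAD_BOX; /* size vs. real bytes */
    uint32_t sample_size = be32(buf + 12), sample_count = be32(buf + 16);
    if (sample_size != 0)                         /* constant size, no table */
        return sample_size <= max_sample ? STSZ_OK : STSZ_BAD_SAMPLE;
    /* Divide rather than multiply: sample_count * 4 can wrap in 32 bits. */
    if (sample_count > (box_size - 20) / 4) return STSZ_BAD_COUNT;
    for (uint32_t i = 0; i < sample_count; i++)
        if (be32(buf + 20 + (size_t)i * 4) > max_sample) return STSZ_BAD_SAMPLE;
    return STSZ_OK;
}

/* Constructed sample boxes, not taken from any real file. */
static const uint8_t GOOD_BOX[28] = { 0,0,0,28, 's','t','s','z', 0,0,0,0,
    0,0,0,0, 0,0,0,2, 0,0,1,0, 0,0,2,0 };        /* two entries: 256, 512 */
static const uint8_t HUGE_SAMPLE_BOX[20] = { 0,0,0,20, 's','t','s','z', 0,0,0,0,
    0xFF,0xFF,0xFF,0xF0, 0,0,0,1 };              /* sample_size near 4 GiB */
static const uint8_t HUGE_COUNT_BOX[24] = { 0,0,0,24, 's','t','s','z', 0,0,0,0,
    0,0,0,0, 0x40,0,0,1, 0,0,1,0 };              /* count*4 wraps to 4 */

int main(void) {
    printf("good=%d huge_sample=%d huge_count=%d\n",
           validate_stsz(GOOD_BOX, sizeof GOOD_BOX, 1u << 20),
           validate_stsz(HUGE_SAMPLE_BOX, sizeof HUGE_SAMPLE_BOX, 1u << 20),
           validate_stsz(HUGE_COUNT_BOX, sizeof HUGE_COUNT_BOX, 1u << 20));
    return 0;
}
```

Boxes that use the 64-bit or to-end-of-file size encodings (a size field of 1 or 0) are rejected by the `box_size < 20` check rather than handled.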

 

Update: June 27, 2014

Current Software

The current versions of our Player software are not affected by these vulnerabilities.

| Software | Operating System | Languages |
|---|---|---|
| RealPlayer 17.0.10.8 | Windows 7 and up | All Released |
| Mac RealPlayer 12.0.1.1738 | Mac OS X 10.3 - 10.8.2 | All Released |


Affected Software

The table below contains a summary of previous and current versions of the RealPlayer software that are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved. 

| CVE Number | Windows: RealPlayer 17.0.10.8 | Windows: All Previous Versions | Mac: RealPlayer 12.0.1.1738 | Mac: All Previous Versions |
|---|---|---|---|---|
| CVE-2014-3113 | | X | | |

CVE-2014-3113 - Buffer overflow caused by corrupt index type or incorrect media sample size when playing a malformed MP4.

  • Affected software: Windows RealPlayer 17.0.8.22 and prior.

Credit to Dehui Yin of Fortinet's FortiGuard Labs for reporting this issue.


Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.
