VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jan 25, 2010· Updated Apr 29, 2026

CVE-2009-4244

CVE-2009-4244

Description

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.

Affected products

18
  • RealNetworks/Helix Player3 versions
    cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:realnetworks:helix_player:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:helix_player:11.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:helix_player:11.0.1:*:*:*:*:*:*:*
  • RealNetworks/Realplayer12 versions
    cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.1:*:linux:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
  • RealNetworks/Realplayer Enterprise
    cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*
  • RealNetworks/Realplayer Sp2 versions
    cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.