Fortinet Discovers RealPlayer MP4 File Parsing Memory Corruption Vulnerability
Fortinet's FortiGuard Labs has discovered a buffer overflow vulnerability in RealNetworks RealPlayer.
RealPlayer is a cross-platform media player app developed by RealNetworks. It is compatible with numerous multimedia container file formats, including MP3, MP4, QuickTime File Format, Windows Media format, and the proprietary RealAudio and RealVideo formats. RealPlayer is also available for other operating systems.
A buffer overflow vulnerability has been discovered in RealPlayer. The vulnerability can be triggered by a specially crafted MP4 file in which the "Sample Size" member of an 'stsz' structure has an overly long size value. Successful exploitation of this vulnerability could grant an attacker remote code execution.
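The following added example (not code from Fortinet or RealNetworks) shows the kind of bounds checks a parser can apply to the 'stsz' fields before using them to size or index a buffer. It assumes the standard ISO base media file format layout of the box; the status names, the `max_sample` limit and the sample payloads are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are hypothetical, chosen for this example. */
enum stsz_status { STSZ_OK, STSZ_TRUNCATED, STSZ_BAD_COUNT, STSZ_BAD_SIZE };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate an 'stsz' payload (the bytes after the 8-byte box header):
 *   version/flags(4) | sample_size(4) | sample_count(4) | entry_size[count]
 * The per-sample table is present only when sample_size == 0.
 * max_sample: largest sample the caller accepts, e.g. the size of the
 * file's media data (an assumption of this example). */
enum stsz_status stsz_validate(const uint8_t *payload, size_t len,
                               uint32_t max_sample) {
    if (len < 12)
        return STSZ_TRUNCATED;
    uint32_t sample_size = be32(payload + 4);
    uint32_t sample_count = be32(payload + 8);
    if (sample_size != 0) /* uniform size applies to every sample */
        return sample_size <= max_sample ? STSZ_OK : STSZ_BAD_SIZE;
    /* Divide rather than multiply so count * 4 cannot wrap. */
    if (sample_count > (len - 12) / 4)
        return STSZ_BAD_COUNT;
    for (uint32_t i = 0; i < sample_count; i++)
        if (be32(payload + 12 + (size_t)i * 4) > max_sample)
            return STSZ_BAD_SIZE;
    return STSZ_OK;
}

/* Constructed sample payloads, not taken from any real file. */
static const uint8_t stsz_good[] = {0,0,0,0, 0,0,0,0, 0,0,0,2,
                                    0,0,0,0x10, 0,0,0,0x20};
static const uint8_t stsz_huge[] = {0,0,0,0, 0xFF,0xFF,0xFF,0xF0, 0,0,0,1};
static const uint8_t stsz_count[] = {0,0,0,0, 0,0,0,0, 0x40,0,0,0, 0,0,0,0x10};

int main(void) {
    printf("good=%d huge=%d count=%d\n",
           (int)stsz_validate(stsz_good, sizeof stsz_good, 4096),
           (int)stsz_validate(stsz_huge, sizeof stsz_huge, 4096),
           (int)stsz_validate(stsz_count, sizeof stsz_count, 4096));
    return 0;
}
```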
Users should apply the solution provided by RealNetworks.
This vulnerability was discovered by Chris Navarrete and Xiaopeng Zhang of Fortinet's FortiGuard Labs.