CVE-2012-0926

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.

Published: Feb 8, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0926
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
realnetworks / realplayer	14.0.3	14.0.3.x
realnetworks / realplayer	14.0.1	14.0.1.x
realnetworks / realplayer	14.0.4	14.0.4.x
realnetworks / realplayer	14.0.6	14.0.6.x
realnetworks / realplayer	14.0.7	14.0.7.x
realnetworks / realplayer	14.0.2	14.0.2.x
realnetworks / realplayer	14.0.1.609	14.0.1.609.x
realnetworks / realplayer	14.0.5	14.0.5.x
realnetworks / realplayer	14.0.1.633	14.0.1.633.x
realnetworks / realplayer	14.0.0	14.0.0.x
realnetworks / realplayer	11.0	11.0.x
realnetworks / realplayer	11.0.4	11.0.4.x
realnetworks / realplayer	11.0.2	11.0.2.x
realnetworks / realplayer	11.0.3	11.0.3.x
realnetworks / realplayer	11.0.2.2315	11.0.2.2315.x
realnetworks / realplayer	11.0.5	11.0.5.x
realnetworks / realplayer	11.0.2.1744	11.0.2.1744.x
realnetworks / realplayer	11.1.3	11.1.3.x
realnetworks / realplayer	11.1	11.1.x
realnetworks / realplayer	11.0.1	11.0.1.x
realnetworks / realplayer	11_build_6.0.14.748	11_build_6.0.14.748.x
realnetworks / realplayer	15.0.0	15.0.0.x
realnetworks / realplayer	15.0.1.13	15.0.1.13.x
realnetworks / realplayer_sp	1.0.1	1.0.1.x
realnetworks / realplayer_sp	1.1.5	1.1.5.x
realnetworks / realplayer_sp	1.1.3	1.1.3.x
realnetworks / realplayer_sp	1.0.0	1.0.0.x
realnetworks / realplayer_sp	1.0.2	1.0.2.x
realnetworks / realplayer_sp	1.1	1.1.x
realnetworks / realplayer_sp	1.1.2	1.1.2.x
realnetworks / realplayer_sp	1.1.4	1.1.4.x
realnetworks / realplayer_sp	1.1.1	1.1.1.x
realnetworks / realplayer_sp	1.0.5	1.0.5.x

Vulnerability Database

289,871

CVE-2012-0926