|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-04-22 | |
| Rule Name: | PROTOCOL-RTSP VLC Media Player RTSP Plugin Stack Buffer Overflow Vulnerability -1 (CVE-2013-6933) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. | |
| Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
| Affected OS: | Windows, Linux | |
| Reference: | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html http://www.live555.com/liveMedia/public/changelog.txt |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: http://www.videolan.org/vlc/releases/2.1.2.html |