Vulnerability Description
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Live555 | Streaming Media | 2011-08-13 |
Related Weaknesses (CWE)
References
- http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerabili
- http://www.live555.com/liveMedia/public/changelog.txt
- http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerabili
- http://www.live555.com/liveMedia/public/changelog.txt
FAQ
What is CVE-2013-6933?
CVE-2013-6933 is a vulnerability with a CVSS score of 7.5 (HIGH). The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (...
How severe is CVE-2013-6933?
CVE-2013-6933 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6933?
Check the references section above for vendor advisories and patch information. Affected products include: Live555 Streaming Media.