CVE-2013-6934

Published: Jan 23, 2014 | Modified: Sep 12, 2019
Source: NVD
CVSS 3.x: N/A
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Streaming_media | Live555 | 2013-11-26 (including) | 2013-11-26 (including) |
| Liblivemedia | Ubuntu | artful | * |
| Liblivemedia | Ubuntu | cosmic | * |
| Liblivemedia | Ubuntu | lucid | * |
| Liblivemedia | Ubuntu | precise | * |
| Liblivemedia | Ubuntu | quantal | * |
| Liblivemedia | Ubuntu | raring | * |
| Liblivemedia | Ubuntu | saucy | * |
| Liblivemedia | Ubuntu | trusty | * |
| Liblivemedia | Ubuntu | upstream | * |
| Liblivemedia | Ubuntu | utopic | * |
| Liblivemedia | Ubuntu | vivid | * |
| Liblivemedia | Ubuntu | wily | * |
| Liblivemedia | Ubuntu | yakkety | * |
| Liblivemedia | Ubuntu | zesty | * |