CVE-2013-6933
Live Networks Live555 Streaming Media <=2013.11.25 - DoS and RCE via RTSP Parsing
Title source: llmDescription
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://www.live555.com/liveMedia/public/changelog.txt
Various Sources x_refsource_misc
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
Scores
EPSS
0.1741
EPSS Percentile
96.8%
Details
CWE
CWE-119
CWE-189
Status
published
Products (50)
live555/streaming_media
2011-08-13
live555/streaming_media
2011-08-20
live555/streaming_media
2011-08-22
live555/streaming_media
2011-09-02
live555/streaming_media
2011-09-19
live555/streaming_media
2011-10-05
live555/streaming_media
2011-10-09
live555/streaming_media
2011-10-18
live555/streaming_media
2011-10-27
live555/streaming_media
2011-11-02
... and 40 more
Published
Jan 23, 2014
Tracked Since
Feb 18, 2026