1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: VLC Media Player RTSP CVE-2013-6934

Web Attack: VLC Media Player RTSP CVE-2013-6934

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of exploiting buffer overflow in LIVE555 Streaming Media 'parseRTSPRequestString()' Function.

Additional Information

LIVE555 Streaming Media is a multimedia streaming application.

LIVE555 Streaming Media is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue affects the 'parseRTSPRequestString()' function and is triggered when processing a specially crafted 'RTSP' command.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Affected

  • LIVE555 Streaming Media 2011.08.13 through 2013.11.26 are vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube