Описание
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| liblivemedia | fixed | 2014.01.13-1 | package | |
| liblivemedia | not-affected | squeeze | package | |
| vlc | fixed | 2.1.4-1 | package | |
| vlc | fixed | 2.0.3-5+deb7u2 | wheezy | package |
| vlc | not-affected | squeeze | package | |
| mplayer | fixed | 2:1.1.1+svn37434-1 | package | |
| mplayer | no-dsa | squeeze | package | |
| mplayer2 | not-affected | package |
Примечания
vlc fixed by binNMU 2.1.2-2+b1, but since binNMUs are not visible to the security tracker, the subsequent sid upload is tracked
for wheezy the version present at release of DSA 3156 is used (2.0.3-5+deb7u2), although strictly speaking it's 2.0.3-5+deb7u2+b1
EPSS
Связанные уязвимости
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
EPSS