CVE-2013-6933Improper Restriction of Operations within the Bounds of a Memory Buffer in Streaming Media

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-1895 documents5 sources
Severity
7.5HIGHNVD
EPSS
3.4%
top 12.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MplayerVideolan VLC Media PlayerLive555 Streaming Media
Timeline
PublishedJan 23
Latest updateMay 13

Description

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDlive555/streaming_media148 versions+147
Debianvideolan/vlc_media_player< 2.1.4-1+3
Debianmplayer/mplayer< 2:1.1.1+svn37434-1+3

🔴Vulnerability Details

3
GHSA
GHSA-vcpq-3936-w8vf: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 20112022-05-13
OSV
CVE-2013-6933: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 20112014-01-23
CVEList
CVE-2013-6933: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 20112014-01-23

📋Vendor Advisories

1
Debian
CVE-2013-6933: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201...2013
CVE-2013-6933 — Live555 Streaming Media vulnerability | cvebase