cbcvebase.
CVE-2013-6933
published 2014-01-23

CVE-2013-6933: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote…

PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
17.41%
96.7th percentile
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

Affected

162 ranges· showing 25
VendorProductVersion rangeFixed in
debianmplayer< mplayer 2:1.1.1+svn37434-1 (bookworm)mplayer 2:1.1.1+svn37434-1 (bookworm)
debianmplayer
debianvlc< mplayer 2:1.1.1+svn37434-1 (bookworm)mplayer 2:1.1.1+svn37434-1 (bookworm)
debianvlc
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media
live555streaming_media

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.