CVE-2013-6934
Published 2014-01-23
Priority: P3 · 48 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EPSS: 28.17% (97.9th percentile)
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | — | — |
| debian | vlc | — | — |
| live555 | streaming_media | — | — |
| videolan | vlc_media_player | < 2.1.0 | 2.1.0 |
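CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | | 7.5 | LOW | |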
Debian
CVE-2013-6934: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201...
vendor_debian·2013·CVSS 7.5
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-qqf2-v78c-75h2: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013
ghsa_unreviewed·2022-05-13·CVSS 7.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
http://www.live555.com/liveMedia/public/changelog.txt
http://www.securityfocus.com/bid/65139
Published: 2014-01-23