CVE-2013-6934 — Integer Underflow (Wrap or Wraparound) in VLC Media Player

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Videolan VLC Media Player Live555 Streaming Media

Timeline

PublishedJan 23

Latest updateMay 13

Description

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDlive555/streaming_media2013-11-26

▶NVDvideolan/vlc_media_player< 2.1.0

🔴Vulnerability Details

GHSA

GHSA-qqf2-v78c-75h2: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013↗2022-05-13

▶

CVEList

CVE-2013-6934: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013↗2014-01-23

▶

📋Vendor Advisories

Debian

CVE-2013-6934: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201...↗2013

▶