CVE-2013-6933
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
23/01/2014
Last modified:
11/04/2025
Description
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:live555:streaming_media:2011-08-13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-08-20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-08-22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-09-02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-09-19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-10-05:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-10-09:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-10-18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-10-27:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-08:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-27:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-28:*:*:*:*:*:*:* | ||
| cpe:2.3:a:live555:streaming_media:2011-11-29:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page