CVE-2013-6934
Severity CVSS v4.0:
Pending analysis
Type:
CWE-189
Numeric Errors
Publication date:
23/01/2014
Last modified:
11/04/2025
Description
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:live555:streaming_media:2013-11-26:*:*:*:*:*:*:* | ||
| cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* | 2.1.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
- http://www.live555.com/liveMedia/public/changelog.txt
- http://www.securityfocus.com/bid/65139
- http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
- http://www.live555.com/liveMedia/public/changelog.txt
- http://www.securityfocus.com/bid/65139