CVE-2013-6933: Buffer Overflow
First published: Thu Jan 23 2014(Updated: )
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Live555 | =2011-08-13 | |
| Live555 | =2011-08-20 | |
| Live555 | =2011-08-22 | |
| Live555 | =2011-09-02 | |
| Live555 | =2011-09-19 | |
| Live555 | =2011-10-05 | |
| Live555 | =2011-10-09 | |
| Live555 | =2011-10-18 | |
| Live555 | =2011-10-27 | |
| Live555 | =2011-11-02 | |
| Live555 | =2011-11-08 | |
| Live555 | =2011-11-20 | |
| Live555 | =2011-11-27 | |
| Live555 | =2011-11-28 | |
| Live555 | =2011-11-29 | |
| Live555 | =2011-12-02 | |
| Live555 | =2011-12-19 | |
| Live555 | =2011-12-20 | |
| Live555 | =2011-12-23 | |
| Live555 | =2012-01-07 | |
| Live555 | =2012-01-13 | |
| Live555 | =2012-01-25 | |
| Live555 | =2012-01-26 | |
| Live555 | =2012-02-03 | |
| Live555 | =2012-02-04 | |
| Live555 | =2012-02-29 | |
| Live555 | =2012-03-20 | |
| Live555 | =2012-03-22 | |
| Live555 | =2012-04-04 | |
| Live555 | =2012-04-18 | |
| Live555 | =2012-04-21 | |
| Live555 | =2012-04-26 | |
| Live555 | =2012-04-27 | |
| Live555 | =2012-05-03 | |
| Live555 | =2012-05-11 | |
| Live555 | =2012-05-17 | |
| Live555 | =2012-06-12 | |
| Live555 | =2012-06-17 | |
| Live555 | =2012-06-23 | |
| Live555 | =2012-06-26 | |
| Live555 | =2012-07-03 | |
| Live555 | =2012-07-06 | |
| Live555 | =2012-07-14 | |
| Live555 | =2012-07-18 | |
| Live555 | =2012-07-24 | |
| Live555 | =2012-07-26 | |
| Live555 | =2012-08-08 | |
| Live555 | =2012-08-12 | |
| Live555 | =2012-08-17 | |
| Live555 | =2012-08-20 | |
| Live555 | =2012-08-28 | |
| Live555 | =2012-08-29 | |
| Live555 | =2012-08-30 | |
| Live555 | =2012-08-31 | |
| Live555 | =2012-09-06 | |
| Live555 | =2012-09-07 | |
| Live555 | =2012-09-11 | |
| Live555 | =2012-09-12 | |
| Live555 | =2012-09-13 | |
| Live555 | =2012-09-27 | |
| Live555 | =2012-10-01 | |
| Live555 | =2012-10-04 | |
| Live555 | =2012-10-11 | |
| Live555 | =2012-10-12 | |
| Live555 | =2012-10-16 | |
| Live555 | =2012-10-17 | |
| Live555 | =2012-10-18 | |
| Live555 | =2012-10-21 | |
| Live555 | =2012-10-22 | |
| Live555 | =2012-10-24 | |
| Live555 | =2012-11-05 | |
| Live555 | =2012-11-08 | |
| Live555 | =2012-11-16 | |
| Live555 | =2012-11-17 | |
| Live555 | =2012-11-22 | |
| Live555 | =2012-11-28 | |
| Live555 | =2012-11-29 | |
| Live555 | =2012-11-30 | |
| Live555 | =2012-12-15 | |
| Live555 | =2012-12-18 | |
| Live555 | =2012-12-21 | |
| Live555 | =2012-12-22 | |
| Live555 | =2012-12-23 | |
| Live555 | =2012-12-24 | |
| Live555 | =2013-01-03 | |
| Live555 | =2013-01-04 | |
| Live555 | =2013-01-05 | |
| Live555 | =2013-01-15 | |
| Live555 | =2013-01-18 | |
| Live555 | =2013-01-19 | |
| Live555 | =2013-01-21 | |
| Live555 | =2013-01-22 | |
| Live555 | =2013-01-23 | |
| Live555 | =2013-01-25 | |
| Live555 | =2013-02-05 | |
| Live555 | =2013-02-11 | |
| Live555 | =2013-02-27 | |
| Live555 | =2013-03-07 | |
| Live555 | =2013-03-23 | |
| Live555 | =2013-03-31 | |
| Live555 | =2013-04-01 | |
| Live555 | =2013-04-04 | |
| Live555 | =2013-04-05 | |
| Live555 | =2013-04-06 | |
| Live555 | =2013-04-08 | |
| Live555 | =2013-04-16 | |
| Live555 | =2013-04-21 | |
| Live555 | =2013-04-22 | |
| Live555 | =2013-04-23 | |
| Live555 | =2013-04-29 | |
| Live555 | =2013-04-30 | |
| Live555 | =2013-05-30 | |
| Live555 | =2013-06-06 | |
| Live555 | =2013-06-14 | |
| Live555 | =2013-06-18 | |
| Live555 | =2013-06-30 | |
| Live555 | =2013-07-03 | |
| Live555 | =2013-07-16 | |
| Live555 | =2013-07-30 | |
| Live555 | =2013-07-31 | |
| Live555 | =2013-08-05 | |
| Live555 | =2013-08-15 | |
| Live555 | =2013-08-16 | |
| Live555 | =2013-08-28 | |
| Live555 | =2013-08-31 | |
| Live555 | =2013-09-07 | |
| Live555 | =2013-09-08 | |
| Live555 | =2013-09-11 | |
| Live555 | =2013-09-18 | |
| Live555 | =2013-09-27 | |
| Live555 | =2013-09-30 | |
| Live555 | =2013-10-01 | |
| Live555 | =2013-10-02 | |
| Live555 | =2013-10-03 | |
| Live555 | =2013-10-07 | |
| Live555 | =2013-10-08 | |
| Live555 | =2013-10-09 | |
| Live555 | =2013-10-11 | |
| Live555 | =2013-10-16 | |
| Live555 | =2013-10-18 | |
| Live555 | =2013-10-22 | |
| Live555 | =2013-10-24 | |
| Live555 | =2013-10-25 | |
| Live555 | =2013-11-06 | |
| Live555 | =2013-11-10 | |
| Live555 | =2013-11-14 | |
| Live555 | =2013-11-15 | |
| Live555 | =2013-11-25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What type of vulnerability is CVE-2013-6933?
CVE-2013-6933 is a denial of service vulnerability that can potentially allow remote attackers to crash the affected system through specific input.
How does CVE-2013-6933 affect VLC Media Player?
CVE-2013-6933 affects VLC Media Player by allowing a malformed RTSP request that contains space or tab characters at the beginning to cause a crash.
What should I do if I run a version of Live555 Streaming Media affected by CVE-2013-6933?
To mitigate CVE-2013-6933, users should upgrade to a patched version of Live555 Streaming Media released after November 25, 2013.
How can I identify if my system is vulnerable to CVE-2013-6933?
Check if your version of Live555 Streaming Media or VLC Media Player is between versions 2011.08.13 and 2013.11.25 to determine vulnerability to CVE-2013-6933.
What are the potential impacts of CVE-2013-6933 exploitation?
Exploitation of CVE-2013-6933 may result in a denial of service, rendering the application unusable and potentially leading to remote code execution.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- vendor/live555
- canonical/live555
- version/live555/2011-08-13
- version/live555/2011-08-20
- version/live555/2011-08-22
- version/live555/2011-09-02
- version/live555/2011-09-19
- version/live555/2011-10-05
- version/live555/2011-10-09
- version/live555/2011-10-18
- version/live555/2011-10-27
- version/live555/2011-11-02
- version/live555/2011-11-08
- version/live555/2011-11-20
- version/live555/2011-11-27
- version/live555/2011-11-28
- version/live555/2011-11-29
- version/live555/2011-12-02
- version/live555/2011-12-19
- version/live555/2011-12-20
- version/live555/2011-12-23
- version/live555/2012-01-07
- version/live555/2012-01-13
- version/live555/2012-01-25
- version/live555/2012-01-26
- version/live555/2012-02-03
- version/live555/2012-02-04
- version/live555/2012-02-29
- version/live555/2012-03-20
- version/live555/2012-03-22
- version/live555/2012-04-04
- version/live555/2012-04-18
- version/live555/2012-04-21
- version/live555/2012-04-26
- version/live555/2012-04-27
- version/live555/2012-05-03
- version/live555/2012-05-11
- version/live555/2012-05-17
- version/live555/2012-06-12
- version/live555/2012-06-17
- version/live555/2012-06-23
- version/live555/2012-06-26
- version/live555/2012-07-03
- version/live555/2012-07-06
- version/live555/2012-07-14
- version/live555/2012-07-18
- version/live555/2012-07-24
- version/live555/2012-07-26
- version/live555/2012-08-08
- version/live555/2012-08-12
- version/live555/2012-08-17
- version/live555/2012-08-20
- version/live555/2012-08-28
- version/live555/2012-08-29
- version/live555/2012-08-30
- version/live555/2012-08-31
- version/live555/2012-09-06
- version/live555/2012-09-07
- version/live555/2012-09-11
- version/live555/2012-09-12
- version/live555/2012-09-13
- version/live555/2012-09-27
- version/live555/2012-10-01
- version/live555/2012-10-04
- version/live555/2012-10-11
- version/live555/2012-10-12
- version/live555/2012-10-16
- version/live555/2012-10-17
- version/live555/2012-10-18
- version/live555/2012-10-21
- version/live555/2012-10-22
- version/live555/2012-10-24
- version/live555/2012-11-05
- version/live555/2012-11-08
- version/live555/2012-11-16
- version/live555/2012-11-17
- version/live555/2012-11-22
- version/live555/2012-11-28
- version/live555/2012-11-29
- version/live555/2012-11-30
- version/live555/2012-12-15
- version/live555/2012-12-18
- version/live555/2012-12-21
- version/live555/2012-12-22
- version/live555/2012-12-23
- version/live555/2012-12-24
- version/live555/2013-01-03
- version/live555/2013-01-04
- version/live555/2013-01-05
- version/live555/2013-01-15
- version/live555/2013-01-18
- version/live555/2013-01-19
- version/live555/2013-01-21
- version/live555/2013-01-22
- version/live555/2013-01-23
- version/live555/2013-01-25
- version/live555/2013-02-05
- version/live555/2013-02-11
- version/live555/2013-02-27
- version/live555/2013-03-07
- version/live555/2013-03-23
- version/live555/2013-03-31
- version/live555/2013-04-01
- version/live555/2013-04-04
- version/live555/2013-04-05
- version/live555/2013-04-06
- version/live555/2013-04-08
- version/live555/2013-04-16
- version/live555/2013-04-21
- version/live555/2013-04-22
- version/live555/2013-04-23
- version/live555/2013-04-29
- version/live555/2013-04-30
- version/live555/2013-05-30
- version/live555/2013-06-06
- version/live555/2013-06-14
- version/live555/2013-06-18
- version/live555/2013-06-30
- version/live555/2013-07-03
- version/live555/2013-07-16
- version/live555/2013-07-30
- version/live555/2013-07-31
- version/live555/2013-08-05
- version/live555/2013-08-15
- version/live555/2013-08-16
- version/live555/2013-08-28
- version/live555/2013-08-31
- version/live555/2013-09-07
- version/live555/2013-09-08
- version/live555/2013-09-11
- version/live555/2013-09-18
- version/live555/2013-09-27
- version/live555/2013-09-30
- version/live555/2013-10-01
- version/live555/2013-10-02
- version/live555/2013-10-03
- version/live555/2013-10-07
- version/live555/2013-10-08
- version/live555/2013-10-09
- version/live555/2013-10-11
- version/live555/2013-10-16
- version/live555/2013-10-18
- version/live555/2013-10-22
- version/live555/2013-10-24
- version/live555/2013-10-25
- version/live555/2013-11-06
- version/live555/2013-11-10
- version/live555/2013-11-14
- version/live555/2013-11-15
- version/live555/2013-11-25