Code Execution Vulnerability Patched in Library Used by VLC, Other Media Players

[silversurfer]

Live Networks Inc patched a code execution vulnerability affecting the HTTP packet-parsing functionality of the LIVE555 Streaming Media libraries disclosed by the Cisco Talos Intelligence Group's Lilith Wyatt.

"An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library," says Cisco Talos' advisory. "A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability."

Source: https://news.softpedia.com/news/code-exe...3314.shtml