VLC and other media players hit by critical vulnerability
#1
Information 
[Image: cone-147672_1280.png]
Quote:A critical code execution vulnerability has been identified in LIVE555 Streaming Media RTSP Server library used by VLC and other media players. Lilith Wyatt, the IT security researcher at Cisco Talos Intelligence Group has discovered the vulnerability.

The vulnerability exists in the HTTP packet-parsing functionality of LIVE555 RTSP Server library through which an attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow resulting in code execution.

“A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability,” Wyatt explained in her blog post.

The LIVE555 streaming media contains a set of open-source C++ libraries that developed by Live Networks Inc for streaming multimedia. The library works with RTP / RTCP, RTSP or SIP protocols that support both clients and server with the ability to process video and audio formats such as MPEG, H.265, H.264, H.263 +, VP8, DV, JPEG, MPEG, AAC, AMR, AC-3, and Vorbis.
Full reading: http://www.ehackingnews.com/2018/10/vlc-...it-by.html
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite 2026.705.2152 (already available...
uBOLite 2026.705.2...harlan4096 — 10:23
Microsoft Warns Windows 11 Enterprise De...
Microsoft has issu...harlan4096 — 10:22
QOwnNotes
26.7.1 Added a ne...Kool — 05:26
NanaZip 6.5 Update (6.5.1767.0)
NanaZip 6.5 Update...harlan4096 — 19:15
Microsoft Edge 150 Adds Google Account S...
Microsoft has adde...harlan4096 — 10:26

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>