Integer overflow

2014-01-2321:55:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.896 High

EPSS

Percentile

98.7%

JSON

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CPENameOperatorVersion
streaming_mediaeq2013227.0.0
streaming_mediaeq201337.0.0
streaming_mediaeq2013323.0.0
streaming_mediaeq2013331.0.0
streaming_mediaeq201341.0.0
streaming_mediaeq201344.0.0
streaming_mediaeq201345.0.0
streaming_mediaeq201346.0.0
streaming_mediaeq201348.0.0
streaming_mediaeq2013416.0.0

Name	Operator	Version
streaming_media	eq	2013227.0.0
streaming_media	eq	201337.0.0
streaming_media	eq	2013323.0.0
streaming_media	eq	2013331.0.0
streaming_media	eq	201341.0.0
streaming_media	eq	201344.0.0
streaming_media	eq	201345.0.0
streaming_media	eq	201346.0.0
streaming_media	eq	201348.0.0
streaming_media	eq	2013416.0.0