[Oct 22, 2018]
A critical code execution vulnerability has been identified in LIVE555 Streaming Media RTSP Server library used by VLC and other media players.
Lilith Wyatt, the IT security researcher at Cisco Talos Intelligence Group has discovered the vulnerability.
The vulnerability exists in the HTTP packet-parsing functionality of LIVE555 RTSP Server library through which an attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow resulting in code execution.
These findings (CVE-2018-4013) have left millions of users of media players vulnerable to cyber-attacks.
LIVE555 Media Libraries used by most popular media players like such as VLC and MPlayer and multitude of embedded devices such as cameras.
Cyber Security Tips:
- An update has already been issued to address the vulnerability. Therefore, if you are using any of the vulnerable media players make sure they are updated to the latest version.