VLC and other media players hit by critical vulnerability

[Oct 22, 2018]

A critical code execution vulnerability has been identified in LIVE555 Streaming Media RTSP Server library used by VLC and other media players.

Lilith Wyatt, the IT security researcher at Cisco Talos Intelligence Group has discovered the vulnerability.

The vulnerability exists in the HTTP packet-parsing functionality of LIVE555 RTSP Server library through which an attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow resulting in code execution.

These findings (CVE-2018-4013) have left millions of users of media players vulnerable to cyber-attacks.

LIVE555 Media Libraries used by most popular media players like such as VLC and MPlayer and multitude of embedded devices such as cameras.

Cyber Security Tips:

  • An update has already been issued to address the vulnerability. Therefore, if you are using any of the vulnerable media players make sure they are updated to the latest version.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: