VLC and Other Media Players Hit by Critical Vulnerability

A critical code execution vulnerability has been identified in the LIVE555 Streaming Media RTSP Server library used by VLC and other media players. Lilith Wyatt, the IT security researcher at Cisco Talos Intelligence Group, discovered the vulnerability.

The vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP Server library. An attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow, resulting in code execution.

“A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability,” Wyatt explained in her blog post.

LIVE555 Streaming Media is a set of open-source C++ libraries developed by Live Networks Inc for streaming multimedia. The libraries work with the RTP/RTCP, RTSP or SIP protocols, support both clients and servers, and can process video and audio formats such as MPEG, H.265, H.264, H.263+, VP8, DV, JPEG, MPEG, AAC, AMR, AC-3, and Vorbis.

The vulnerability resides in the function that parses HTTP headers for tunnelling RTSP over HTTP. “An attacker may create a packet containing multiple ‘Accept:’ or ‘x-sessioncookie’ strings which could cause a stack buffer overflow in the function ‘lookForHeader’,” reads the Talos vulnerability report.
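As an added illustration (not LIVE555's code and not taken from the Talos report), here is a defensively written header lookup in C for the kind of parsing described above: it never writes past the caller's buffer and rejects a request that carries the same header more than once. The names `get_header`, `starts_with` and `hdr_status` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

enum hdr_status { HDR_OK = 0, HDR_ABSENT = 1, HDR_DUPLICATE = -1, HDR_TOO_LONG = -2 };

/* Case-insensitive test: does the line p (n bytes) start with name? */
static int starts_with(const char *p, size_t n, const char *name, size_t name_len) {
    if (n < name_len) return 0;
    for (size_t i = 0; i < name_len; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Copy the value of header `name` (e.g. "x-sessioncookie:") from a request of
 * req_len bytes into out[out_size]. The value is copied only if it fits with
 * its terminator; a repeated header is treated as an error, not merged. */
enum hdr_status get_header(const char *req, size_t req_len, const char *name,
                           char *out, size_t out_size) {
    size_t name_len = strlen(name), pos = 0;
    int found = 0;
    if (out_size == 0) return HDR_TOO_LONG;
    out[0] = '\0';
    while (pos < req_len) {
        const char *line = req + pos;
        const char *eol = memchr(line, '\n', req_len - pos);
        size_t line_len = eol ? (size_t)(eol - line) : req_len - pos;
        pos += line_len + 1;                          /* step past the '\n' */
        if (line_len == 0 || (line_len == 1 && line[0] == '\r'))
            break;                                    /* blank line: end of headers */
        if (!starts_with(line, line_len, name, name_len)) continue;
        if (found++) { out[0] = '\0'; return HDR_DUPLICATE; }
        const char *v = line + name_len;
        size_t v_len = line_len - name_len;
        while (v_len && (*v == ' ' || *v == '\t')) { v++; v_len--; }
        while (v_len && (v[v_len - 1] == '\r' || v[v_len - 1] == ' ')) v_len--;
        if (v_len >= out_size) { out[0] = '\0'; return HDR_TOO_LONG; }
        memcpy(out, v, v_len);                        /* v_len < out_size here */
        out[v_len] = '\0';
    }
    return found ? HDR_OK : HDR_ABSENT;
}
```

A caller should treat `HDR_DUPLICATE` and `HDR_TOO_LONG` as grounds to reject the request rather than continue with a partial value.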

These findings (CVE-2018-4013) have left millions of users of media players vulnerable to cyber attacks.

The LIVE555 Media Libraries are used by most popular media players, such as VLC and MPlayer, and by a multitude of embedded devices such as cameras.

An update has already been issued to address the vulnerability. Therefore, if you are using any of the vulnerable media players, make sure they are updated to the latest version.

The vulnerability was found in Live Networks LIVE555 Media Server, version 0.92 and earlier versions. It can be tracked as CVE-2018-4013.

This, however, is not the first time that a popular media player like VLC has made headlines for the wrong reasons. Previously, a security researcher had identified critical security flaws in 2.0.5 and earlier versions that could have been exploited by attackers to execute malicious code on computers via ASF files.