A critical code execution vulnerability identified in LIVE555 Streaming Media RTSP Server library used by VLC and other media players.
The vulnerability exists in the HTTP packet-parsing functionality of LIVE555 RTSP Server library, an attacker can send a crafted malicious packet to trigger the vulnerability and cause a stack-based buffer overflow, resulting in code execution.
The LIVE555 Streaming Media contains a set of open-source C++ libraries that developed by Live Networks Inc for streaming multimedia. The libraries support for a set of streaming standards such as RTSP/RTCP/RTSP/SIP/RTP that supports both clients and server.
LIVE555 Media Libraries used by most popular media players like such as VLC and MPlayer and multitude of embedded devices such as cameras.
The vulnerability resides in the function that parses HTTP headers for tunneling RTSP over HTTP. An attacker may create a packet containing multiple “Accept:” or “x-sessioncookie” strings which could cause a stack buffer overflow in the function “lookForHeader.” reads Talos vulnerability report.
The vulnerability was found in Live Networks LIVE555 Media Server, version 0.92 and the earlier versions. It can be tracked as CVE-2018-4013.
Cisco Talos has reported the vulnerability to Live Networks on October 10 and the vendor issued security fix on 17th October.