[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC
Ross Finlayson
finlayson at live555.com
Wed Nov 27 07:49:02 CET 2013
FYI, Yesterday I learned about a serious buffer-overflow bug in the LIVE555 library that affects VLC, and all other RTSP client applications that use the LIVE555 library. This bug could potentially allow an attacker (with a malicious RTSP server) to cause cause arbitrary code to be executed in VLC.
This bug has now been fixed in the latest version (2013.11.26) of the LIVE555 library - tarball available at:
http://www.live555.com/liveMedia/public/
VLC distributions that use the LIVE555 library should upgrade to use this new version.
Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20131126/d4984dab/attachment.html>
More information about the vlc-devel
mailing list