[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC

Ross Finlayson finlayson at live555.com
Wed Nov 27 07:49:02 CET 2013


FYI, Yesterday I learned about a serious buffer-overflow bug in the LIVE555 library that affects VLC, and all other RTSP client applications that use the LIVE555 library.  This bug could potentially allow an attacker (with a malicious RTSP server) to cause cause arbitrary code to be executed in VLC.

This bug has now been fixed in the latest version (2013.11.26) of the LIVE555 library - tarball available at:
	http://www.live555.com/liveMedia/public/
VLC distributions that use the LIVE555 library should upgrade to use this new version.

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20131126/d4984dab/attachment.html>


More information about the vlc-devel mailing list