[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC
finlayson at live555.com
Wed Nov 27 07:49:02 CET 2013
FYI, Yesterday I learned about a serious buffer-overflow bug in the LIVE555 library that affects VLC, and all other RTSP client applications that use the LIVE555 library. This bug could potentially allow an attacker (with a malicious RTSP server) to cause cause arbitrary code to be executed in VLC.
This bug has now been fixed in the latest version (2013.11.26) of the LIVE555 library - tarball available at:
VLC distributions that use the LIVE555 library should upgrade to use this new version.
Live Networks, Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the vlc-devel