[vlc-devel] FYI: Serious bug in old LIVE555 library versions - affecting VLC

Rémi Denis-Courmont remi at remlab.net
Wed Nov 27 10:39:38 CET 2013


On Tue, 26 Nov 2013 20:49:02 -1000, Ross Finlayson <finlayson at live555.com>
> FYI, Yesterday I learned about a serious buffer-overflow bug in the
> LIVE555 library that affects VLC, and all other RTSP client applications
> that use the LIVE555 library.  This bug could potentially allow an
> (with a malicious RTSP server) to cause cause arbitrary code to be
> in VLC.

Well that is good to know but where is the the patch?

You do realize that we have downstreams distrbutions (and our own
best-effort QA process), do you not? They cannot just take a whole new
live555 version if they need to fix one specific bug, even


Rémi Denis-Courmont
Sent from my collocated server

More information about the vlc-devel mailing list