Live Networks Inc patched a code execution vulnerability affecting the HTTP packet-parsing functionality of the LIVE555 Streaming Media libraries disclosed by the Cisco Talos Intelligence Group's Lilith Wyatt.
The LIVE555 RTSP server library is used by media players such as VLC and MPlayer, as well as a number of embedded devices. Furthermore, the multimedia streaming libraries are used to develop client and server RTSP/RTCP/RTSP/SIP implementations.
Moreover, the open source LIVE555 Streaming Media C++ libraries can be utilized by developers to create apps capable of streaming content via RTP/RTCP and RTSP, and for playing RTP video content in H.264, H.265, MPEG, VP8, and DV formats and MPEG, AAC, AMR, AC-3, and Vorbis audio formats.
"An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library," says Cisco Talos' advisory. "A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
VLC and MPlayer are some of the apps affected by the CVE-2018-4013 code execution vulnerability
The security bug can be exploited by attackers who send packets with multiple "Accept:" or "x-sessioncookie" strings designed to trigger a buffer overflow in the lookForHeader function which parses HTTP headers for tunneling RTSP over HTTP.
"One of the functionalities enabled by LIVE555 for their standard RTSP server is the ability to tunnel RTSP over HTTP, which is served by a different port bound by the server, typically TCP 80, 8000, or 8080, depending on what ports are available on the host machine," also says the advisory.
As described in Cisco Talos' TALOS-2018-0684 advisory, the stack-based buffer overflow vulnerability which received the CVE-2018-4013 identification number was disclosed to the vendor on October 10.
Subsequently, Live Networks Inc patched the security issue on October 17, and the vulnerability was publicly disclosed one day later, on October 18.