Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Debian: DSA-3294-2 Urgent: Libx264 Buffer Overflow Threat

debian
Calendar Grey February 7, 2015
Scroller Debian
Debian release patch tackling liblivemedia vulnerabilities, enhancing video playback and mitigating memory corruption threats.
A vulnerability was found in liveMedia, a set of C++ libraries for multimedia streaming

Summary

A vulnerability was found in liveMedia, a set of C++ libraries for
multimedia streaming. RTSP messages starting with whitespace were assumed
to have a zero length, triggering an integer underflow, infinite loop,
and then a buffer overflow. This could allow remote attackers to cause a
denial of service (crash) or arbitrary code execution via crafted RTSP
messages.

The packages vlc and mplayer have also been updated to reflect this
improvement.

For the stable distribution (wheezy), this problem has been fixed in
liblivemedia version 2012.05.17-1+wheezy1, vlc version 2.0.3-5+deb7u2+b1,
and mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in liblivemedia version 2014.01.13-1.

For the unstable distribution (sid), this problem has been fixed in
liblivemedia version 2014.01.13-1.

We recommend that you upgrade your liblivemedia, vlc, and mplayer
packages.

Further information about Debian Security Advisories, how to apply...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: liblivemedia
CVE ID: CVE-2013-6933

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.