FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

liveMedia -- potential remote code execution

Affected packages
liveMedia < 2018.10.17,2

Details

VuXML ID fa194483-dabd-11e8-bf39-5404a68ad561
Discovery 2018-10-18
Entry 2018-10-28

Talos reports:

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

References

CVE Name CVE-2018-4013
URL http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
URL https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684