{"id":"UBUNTU-CVE-2013-6933","details":"The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.","modified":"2025-07-16T08:16:34.922893Z","published":"2014-01-23T21:55:00Z","withdrawn":"2025-07-18T16:42:57Z","upstream":["CVE-2013-6933"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-6933"},{"type":"REPORT","url":"http://www.live555.com/liveMedia/public/changelog.txt"},{"type":"REPORT","url":"http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2013-6933"}],"affected":[{"package":{"name":"liblivemedia","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/liblivemedia@2014.01.13-1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2014.01.13-1"}]}],"versions":["2013.04.30-1","2013.04.30-1ubuntu1","2013.10.25-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libbasicusageenvironment0","binary_version":"2014.01.13-1"},{"binary_name":"libgroupsock1","binary_version":"2014.01.13-1"},{"binary_name":"liblivemedia-dev","binary_version":"2014.01.13-1"},{"binary_name":"liblivemedia23","binary_version":"2014.01.13-1"},{"binary_name":"libusageenvironment1","binary_version":"2014.01.13-1"},{"binary_name":"livemedia-utils","binary_version":"2014.01.13-1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-6933.json"}},{"package":{"name":"liblivemedia","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/liblivemedia@2016.02.09-1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2016.02.09-1"}]}],"versions":["2014.01.13-1","2016.01.29-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libbasicusageenvironment1","binary_version":"2016.02.09-1"},{"binary_name":"libbasicusageenvironment1-dbgsym","binary_version":"2016.02.09-1"},{"binary_name":"libgroupsock8","binary_version":"2016.02.09-1"},{"binary_name":"libgroupsock8-dbgsym","binary_version":"2016.02.09-1"},{"binary_name":"liblivemedia-dev","binary_version":"2016.02.09-1"},{"binary_name":"liblivemedia50","binary_version":"2016.02.09-1"},{"binary_name":"liblivemedia50-dbgsym","binary_version":"2016.02.09-1"},{"binary_name":"libusageenvironment3","binary_version":"2016.02.09-1"},{"binary_name":"libusageenvironment3-dbgsym","binary_version":"2016.02.09-1"},{"binary_name":"livemedia-utils","binary_version":"2016.02.09-1"},{"binary_name":"livemedia-utils-dbgsym","binary_version":"2016.02.09-1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-6933.json"}},{"package":{"name":"liblivemedia","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/liblivemedia@2018.02.18-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2018.02.18-1"}]}],"versions":["2017.07.18-1","2017.09.12-1ubuntu1","2017.10.28-2","2018.01.29-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libbasicusageenvironment1","binary_version":"2018.02.18-1"},{"binary_name":"libbasicusageenvironment1-dbgsym","binary_version":"2018.02.18-1"},{"binary_name":"libgroupsock8","binary_version":"2018.02.18-1"},{"binary_name":"libgroupsock8-dbgsym","binary_version":"2018.02.18-1"},{"binary_name":"liblivemedia-dev","binary_version":"2018.02.18-1"},{"binary_name":"liblivemedia62","binary_version":"2018.02.18-1"},{"binary_name":"liblivemedia62-dbgsym","binary_version":"2018.02.18-1"},{"binary_name":"libusageenvironment3","binary_version":"2018.02.18-1"},{"binary_name":"libusageenvironment3-dbgsym","binary_version":"2018.02.18-1"},{"binary_name":"livemedia-utils","binary_version":"2018.02.18-1"},{"binary_name":"livemedia-utils-dbgsym","binary_version":"2018.02.18-1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-6933.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}