A code execution vulnerability has been found in the LIVE555 Streaming Media library, which is used by media players including VLC and MPlayer and by numerous embedded devices that stream media.
LIVE555 Streaming Media is developed and maintained by Live Networks. It is a set of C++ libraries that companies and application developers use to stream multimedia over open standard protocols such as RTP/RTCP, RTSP and SIP.
The LIVE555 streaming media libraries support streaming, receiving, and processing of different video formats such as MPEG, H.265, H.264, H.263+, VP8, DV, and JPEG video, and many audio codecs such as MPEG, AAC, AMR, AC-3, and Vorbis.
The vulnerable library is used by many media players, such as VLC and MPlayer, thereby exposing their millions of users to cyber-attacks.
The code execution vulnerability was discovered by Lilith Wyatt of Cisco Talos Intelligence Group and is tracked as CVE-2018-4013. The flaw resides in the HTTP packet-parsing functionality of LIVE555's RTSP implementation, which parses HTTP headers for tunneling RTSP over HTTP.
According to Cisco Talos’ security advisory, “A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.”
To exploit this vulnerability, an attacker only has to create and send “a packet containing multiple ‘Accept:’ or ‘x-sessioncookie’ strings” to the vulnerable application. This triggers a stack buffer overflow in the ‘lookForHeader’ function, leading to arbitrary code execution.
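The C sketch below is an added example, not LIVE555 or Talos code. It shows the two defensive checks the description above implies: flagging a request that repeats either header string, and copying a header value into a fixed-size buffer only when it fits. All function names and sample requests are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Constructed sample requests, not captured traffic. */
static const char SAMPLE_OK[] =
    "GET /stream HTTP/1.0\r\nx-sessioncookie: abc123\r\n"
    "Accept: application/x-rtsp-tunnelled\r\n\r\n";
static const char SAMPLE_REPEATED[] =
    "GET /stream HTTP/1.0\r\nAccept: a\r\nAccept: b\r\n\r\n";

/* Count case-insensitive occurrences of name anywhere in req[0..req_len). */
size_t count_header(const char *req, size_t req_len, const char *name) {
    size_t n = strlen(name), count = 0;
    for (size_t i = 0; n && i + n <= req_len; i++)
        if (strncasecmp(req + i, name, n) == 0) { count++; i += n - 1; }
    return count;
}

/* Copy the value of the first occurrence of name into out.
   Returns 0 on success, -1 if the header is absent,
   -2 if the value (plus NUL) does not fit in out_size bytes. */
int copy_header_value(const char *req, size_t req_len, const char *name,
                      char *out, size_t out_size) {
    size_t n = strlen(name);
    if (out_size == 0) return -2;
    out[0] = '\0';
    for (size_t i = 0; n && i + n <= req_len; i++) {
        if (strncasecmp(req + i, name, n) != 0) continue;
        size_t j = i + n;
        while (j < req_len && (req[j] == ' ' || req[j] == '\t')) j++;
        size_t start = j;
        while (j < req_len && req[j] != '\r' && req[j] != '\n') j++;
        if (j - start >= out_size) return -2;   /* refuse, never truncate */
        memcpy(out, req + start, j - start);
        out[j - start] = '\0';
        return 0;
    }
    return -1;
}

/* Flag requests that repeat either string named in the advisory. */
int request_is_suspicious(const char *req, size_t req_len) {
    return count_header(req, req_len, "Accept:") > 1 ||
           count_header(req, req_len, "x-sessioncookie") > 1;
}
```

The substring match is deliberately conservative: it counts the strings wherever they appear in the request, so it may flag unusual but harmless requests.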
The Cisco Talos team has confirmed the vulnerability in Live Networks LIVE555 Media Server version 0.92 and believes that it might be present in older versions as well. They reported the vulnerability to Live Networks on October 10, and the vendor has since released security patches. The issue was publicly disclosed on October 18.