Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Critical Flaw Found in Streaming Library Used by VLC and Other Media Players

Critical Flaw Found in Streaming Library Used by VLC and Other Media Players

Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media.

LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to stream multimedia over open standard protocols like RTP/RTCP, RTSP or SIP.

The LIVE555 streaming media libraries support streaming, receiving, and processing of various video formats such as MPEG, H.265, H.264, H.263+, VP8, DV, and JPEG video, and several audio codecs such as MPEG, AAC, AMR, AC-3, and Vorbis.

The vulnerable library is internally being used by many well-known media software such as VLC and MPlayer, exposing their millions of users to cyber attacks.

The code execution vulnerability, tracked as CVE-2018-4013 and discovered by researcher Lilith Wyatt of Cisco Talos Intelligence Group, resides in the HTTP packet-parsing functionality of the LIVE555 RTSP, which parses HTTP headers for tunneling RTSP over HTTP.

To exploit this vulnerability, all an attacker needs to do is create and send “a packet containing multiple ‘Accept:’ or ‘x-sessioncookie’ strings” to the vulnerable application, which will trigger a stack buffer overflow in the ‘lookForHeader’ function, leading to arbitrary code execution.

Cisco Talos team confirmed the vulnerability in Live Networks LIVE555 Media Server version 0.92, but the team believes the security issue may also be present in the earlier version of the product.

Cisco Talos responsibly reported the vulnerability to Live Networks on October 10 and publicly disclosed the security issue on October 18 after the vendor released security patches on October 17.

 

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket