Home > Cyber News > CVE-2018-4013: MPlayer and VLC Both Affected by a Critical Vulnerability
CYBER NEWS

CVE-2018-4013: MPlayer and VLC Both Affected by a Critical Vulnerability

by   |  Last Update:  |  0 Comments  

A security researcher has announced the discovery of a critical vulnerability in two of the most popular media players — MPlayer and VLC. The issue was found in the LIVE555 media streaming library which is used in both applications and tracked in the CVE-2018-4013 advisory.




CVE-2018-4013: VLC and MPlayer Vulnerability Caused by Live555 Media Streaming Library

The two popular media players VLC and MPlayer were found to be affected by the same vulnerability. This was reported by a security researcher that found that the root of the cause is the LIVE555 media streaming library which they both use. It is maintained by the Live Networks company and serves to provide compatibility with RTP and SIP protocols and processing various audio and video formats. Without it VLC and MPlayer will not be able to play streaming media which is one of their most important features.

Related Story: [wplinkpreview url=”https://sensorstechforum.com/kodi-media-player-installations-used-distributing-malware/”]Kodi Media Player Installations Used for Distributing Malware

The CVE-2018-4013 advisory has been assigned to the vulnerability, it indicates that unpatched versions of the software allows millions of users worldwide to become possible victims of hacker attacks. The reason for this is the way HTTP requests are made. Hackers can craft a special packet causing a stack-based buffer overflow which can be used for code execution. The full description of the CVE-2018-4013 advisory reads the following:

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

These two programs are among the most commonly installed third-party software by end users and this is the reason why such problems are automatically classified as major impacts. However the security report does indicate that the problem does not lie within the codebase of the applications but rather components that are developed by outside sources and used for enhancing the player’s functions. In this particular case the media streaming component is essential for providing one of the core functions.

Both players have issued security updates and users are advised to apply them as soon as possible.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. Vlc Plus Player Virus Removal Steps [Free Fix Guide] What Is Vlc Plus Player Vlc Plus Player is the...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. 55 Percent of Apps Are Widely Outdated, Including Skype and VLC Player Running outdated software hides huge risks but many users (both...
  4. Evernote Vulnerability Abused To Steal Files From Victim Users A new Evernote vulnerability was recently announced which has been...
  5. VLC Addon is Suspicious. Remove It Research indicates that VLC Addon is a suspicious browser add-on...
  6. Multiple 1-Click Vulnerabilities in Telegram, VLC, LibreOffice (CVE-2021-30245) How safe are your applications, and how secure are you...
  7. Cisco Bugs CVE-2018-0151, CVE-2018-171, CVE-2018-015. Patch Now! Three critical vulnerabilities have found in Cisco products. More specifically,...
  8. CVE-2022-31656: Critical VMware Authentication Bypass Vulnerability VMware recently released another set of patches addressing a number...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree