Unrated severityNVD Advisory· Published Jan 23, 2014· Updated Jun 17, 2026
CVE-2013-6934
CVE-2013-6934
Description
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- cpe:2.3:a:live555:streaming_media:2013-11-26:*:*:*:*:*:*:*
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*range: <2.1.0
- (no CPE)
- Range: = 2013.11.26
Patches
Vulnerability mechanics
References
3- isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.htmlnvdExploitThird Party Advisory
- www.live555.com/liveMedia/public/changelog.txtnvdVendor Advisory
- www.securityfocus.com/bid/65139nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.