Avatar von Leak
  • Leak

mehr als 1000 Beiträge seit 07.01.2000

Das betrifft nur den Live555 *Server*

No, it doesn't affect *any* media player (Score:5, Informative)
by Ross Finlayson ( 17913 ) on 22.10.2018 6:29 (#57515512)

The bug - which has now been fixed in the LIVE555 library (with the fix already reported to Cisco) - affected only the LIVE555 library's implementation of a RTSP *server*. It doesn't affect the implementation of a RTSP *client*, which is the only part of the LIVE555 library that VLC and MPlayer use. (VLC does have an embedded RTSP server, but that uses a separate implementation, not LIVE555's.)

(I know this because I'm the author of the LIVE555 software :-)


Replying to @TheHackersNews @TalosSecurity and 3 others

Are you _sure_ about what you are claiming?
VLC uses live555 client side, and not server side. The vulnerability is on the RTSP Server class...
Also, Talos report does not say VLC is impacted.
12:00 AM - 22 Oct 2018


Das war wohl hauptsaechlich Panikmache durch Cisco, weil "ein furchtbarer Bug in VLC und mplayer!!1!eins" natuerlich besser klingt als "einer in einer Server-Komponente die in weniger bekannter Software (welche eigentlich?) zum Einsatz kommt"...

Das Posting wurde vom Benutzer editiert (22.10.2018 17:26).

- +