|Improper Restriction of Operations within the Bounds of a Memory Buffer|
|Vulnerability||Severity Score||Release Date||Summary|
|CVE-2013-6933||7.5||Jan. 23, 2014||
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.