The latest version - 2013.11.26 - of the "LIVE555 Streaming Media" code fixes a serious potential buffer-overflow bug in the RTSP command parsing code. This bug could potentially allow an attacker (with a malicious RTSP client or server) to cause arbitrary code to be executed in your own RTSP server or client.
IMPORTANT NOTE: All LIVE555-based applications that include an RTSP client or RTSP server should ***upgrade to this latest version ASAP***! (The bug affected RTSP clients as well as RTSP servers, because RTSP clients can also receive commands.)

Many thanks to iSEC Partners <http://isecpartners.com/> for discovering and reporting this bug.

Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
_______________________________________________
live-devel mailing list
live-devel@lists.live555.com
http://lists.live555.com/mailman/listinfo/live-devel