Vulnerabilities related to live555 - streaming_media
Vulnerability from fkie_nvd
Published
2019-08-20 00:15
Modified
2024-11-21 04:28
Summary
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
References
Source | URL | Tags
---|---|---
cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory
cve@mitre.org | https://security.gentoo.org/glsa/202005-06 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202005-06 | Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
live555 | streaming_media | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", matchCriteriaId: "485C442E-F46F-4515-A1A2-3044CFEAF01D", versionEndExcluding: "2019-08-16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.", }, { lang: "es", value: "Live555 versiones anteriores a 2019.08.16, presenta un uso de la memoria previamente liberada porque la función GenericMediaServer::createNewClientSessionWithId puede generar el mismo ID de sesión de cliente en sucesión, el cual es manejado inapropiadamente por los demultiplexores de archivos MPEG1or2 y Matroska.", }, ], id: "CVE-2019-15232", lastModified: "2024-11-21T04:28:15.320", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-20T00:15:10.237", 
references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-06", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-23 21:55
Modified
2025-04-11 00:51
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
References
Impacted products
{ cveTags: [], descriptions: [ { lang: "en", value: "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.", }, { lang: "es", value: "La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2011.08.13 hasta la versión 2013.11.25, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de (1) un espacio o (2) un carácter de tabulación en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de búfer.", }, ], id: "CVE-2013-6933", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, 
confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-23T21:55:04.913", references: [ { source: "cve@mitre.org", url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, { source: "cve@mitre.org", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-11 17:29
Modified
2024-11-21 04:48
Summary
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://github.com/rgaufman/live555/issues/21 | Exploit, Third Party Advisory
cve@mitre.org | https://security.gentoo.org/glsa/202005-06 |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rgaufman/live555/issues/21 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202005-06 |
Impacted products
Vendor | Product | Version
---|---|---
live555 | streaming_media | 0.95
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:*", matchCriteriaId: "D7EFF72B-05B5-48D0-B5AA-C8BFD85F2CBE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.", }, { lang: "es", value: "En Live555 0.95, hay un desbordamiento de búfer mediante un entero largo en una cabecera HTTP Content-Length debido a que handleRequestBytes tiene un memmove no restringido.", }, ], id: "CVE-2019-7733", lastModified: "2024-11-21T04:48:36.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-11T17:29:00.490", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/rgaufman/live555/issues/21", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202005-06", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/rgaufman/live555/issues/21", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202005-06", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-04 02:29
Modified
2024-11-21 04:47
Summary
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", matchCriteriaId: "6BF3B1D8-8081-4080-B68B-0AD7D4D3D1CC", versionEndExcluding: "0.95", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.", }, { lang: "es", value: "liblivemedia en Live555, antes del 03/02/2019, gestiona de manera incorrecta la terminación de una transmisión RTSP después de que RTP/RTCP-over-RTSP se configura, lo que podría provocar un error de uso de memoria previamente liberada que causa el cierre inesperado del servidor RTSP (fallo de segmentación) o potencialmente tiene otro impacto no especificado.", }, ], id: "CVE-2019-7314", lastModified: "2024-11-21T04:47:59.560", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-04T02:29:00.247", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Mar/22", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202005-06", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2019/dsa-4408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202005-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2019/dsa-4408", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-28 04:29
Modified
2024-11-21 04:51
Summary
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * | |
opensuse | backports_sle | 15.0 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", matchCriteriaId: "52BDFAC3-D07D-487F-AAA3-1CE56E69E8A8", versionEndExcluding: "2019.02.27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", matchCriteriaId: "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", vulnerable: true, }, { criteria: "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", matchCriteriaId: "40513095-7E6E-46B3-B604-C926F1BA3568", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.", }, { lang: "es", value: "En Live555, antes del 27/02/2019, cabeceras mal formadas conducen a un acceso de memoria inválida en la función parseAuthorizationHeader.", }, ], id: "CVE-2019-9215", lastModified: "2024-11-21T04:51:13.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, 
confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-28T04:29:00.450", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-06", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4408", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-06", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4408", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-29 15:15
Modified
2024-11-21 06:00
Summary
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", matchCriteriaId: "6A3FA48C-510C-481C-8091-C3FF9412F577", versionEndExcluding: "2021.3.16", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.", }, { lang: "es", value: "Una vulnerabilidad en las subclases AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession y AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession en redes LIVE555 Streaming Media versiones anteriores a 2021.3.16", }, ], id: "CVE-2021-28899", lastModified: "2024-11-21T06:00:21.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-29T15:15:10.987", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Vendor Advisory", ], url: 
"http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-11 17:29
Modified
2024-11-21 04:48
Summary
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/rgaufman/live555/issues/20 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rgaufman/live555/issues/20 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 0.95 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:*", matchCriteriaId: "D7EFF72B-05B5-48D0-B5AA-C8BFD85F2CBE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.", }, { lang: "es", value: "En Live555 0.95, un paquete de instalación puede provocar una fuga de memoria y una denegación de servicio (DoS). Esto se debe a que, cuando hay múltiples instancias de un único campo (username, realm, nonce, uri o response), solo se puede liberar la última instancia.", }, ], id: "CVE-2019-7732", lastModified: "2024-11-21T04:48:36.400", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-11T17:29:00.443", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://github.com/rgaufman/live555/issues/20", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/rgaufman/live555/issues/20", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-01-23 21:55
Modified
2025-04-11 00:51
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 2013-11-26 | |
videolan | vlc_media_player | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:live555:streaming_media:2013-11-26:*:*:*:*:*:*:*", matchCriteriaId: "DCB033D9-C10C-428C-A7EF-DCF113967A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", matchCriteriaId: "1CC766DE-C9B4-4067-B90F-37DBB63EEFE0", versionEndExcluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.", }, { lang: "es", value: "La función parseRTSPRequestString en Live Networks Live555 Streaming Media 2013.11.26, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un carácter en blanco en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de búfer. 
NOTA: esta vulnerabilidad existe por una solución incompleta en CVE-2013-6933.", }, ], id: "CVE-2013-6934", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-01-23T21:55:04.947", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/65139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/65139", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-7314
Vulnerability from cvelistv5
Published
2019-02-04 02:00
Modified
2024-08-04 20:46
Summary
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
References
URL | Tags | |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html | mailing-list, x_refsource_MLIST | |
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC | |
http://lists.live555.com/pipermail/live-devel/2019-February/021143.html | x_refsource_MISC | |
https://seclists.org/bugtraq/2019/Mar/22 | mailing-list, x_refsource_BUGTRAQ | |
https://www.debian.org/security/2019/dsa-4408 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:46:46.132Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "openSUSE-SU-2019:1797", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-03T00:00:00", descriptions: [ { lang: "en", value: "liblivemedia in Live555 before 2019.02.03 mishandles the termination of 
an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-07T05:06:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "openSUSE-SU-2019:1797", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7314", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html", }, { name: "http://www.live555.com/liveMedia/public/changelog.txt", refsource: "MISC", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", refsource: "MISC", url: "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "openSUSE-SU-2019:1797", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7314", datePublished: "2019-02-04T02:00:00", dateReserved: "2019-02-03T00:00:00", dateUpdated: "2024-08-04T20:46:46.132Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15232
Vulnerability from cvelistv5
Published
2019-08-19 23:57
Modified
2024-08-05 00:42
Summary
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
References
URL | Tags | |
---|---|---|
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:42:04.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-14T23:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-06", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.live555.com/liveMedia/public/changelog.txt", refsource: "MISC", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "GLSA-202005-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-06", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15232", datePublished: "2019-08-19T23:57:37", dateReserved: "2019-08-19T00:00:00", dateUpdated: "2024-08-05T00:42:04.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7733
Vulnerability from cvelistv5
Published
2019-02-11 17:00
Modified
2024-08-04 20:54
Summary
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
References
URL | Tags
---|---
https://github.com/rgaufman/live555/issues/21 | x_refsource_MISC
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:54:28.439Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgaufman/live555/issues/21", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-06", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-11T00:00:00", descriptions: [ { lang: "en", value: "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-14T23:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/rgaufman/live555/issues/21", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-06", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7733", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"https://github.com/rgaufman/live555/issues/21", refsource: "MISC", url: "https://github.com/rgaufman/live555/issues/21", }, { name: "GLSA-202005-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-06", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7733", datePublished: "2019-02-11T17:00:00", dateReserved: "2019-02-11T00:00:00", dateUpdated: "2024-08-04T20:54:28.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28899
Vulnerability from cvelistv5
Published
2021-04-29 14:08
Modified
2024-08-03 21:55
Summary
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
References
URL | Tags
---|---
http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:55:11.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-29T14:08:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-28899", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", refsource: "MISC", url: 
"http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28899", datePublished: "2021-04-29T14:08:31", dateReserved: "2021-03-19T00:00:00", dateUpdated: "2024-08-03T21:55:11.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-9215
Vulnerability from cvelistv5
Published
2019-02-28 04:00
Modified
2024-08-04 21:38
Summary
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
References
URL | Tags
---|---
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC
https://seclists.org/bugtraq/2019/Mar/22 | mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2019/dsa-4408 | vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html | mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html | vendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html | vendor-advisory, x_refsource_SUSE
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:38:46.622Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html", }, { name: "openSUSE-SU-2019:1797", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-27T00:00:00", descriptions: [ { lang: "en", value: "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: 
"text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-07T05:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html", }, { name: "openSUSE-SU-2019:1797", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-9215", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.", }, ], }, problemtype: { 
problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.live555.com/liveMedia/public/changelog.txt", refsource: "MISC", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Mar/22", }, { name: "DSA-4408", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4408", }, { name: "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html", }, { name: "openSUSE-SU-2019:1797", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html", }, { name: "openSUSE-SU-2019:1880", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html", }, { name: "GLSA-202005-06", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-06", }, { name: "openSUSE-SU-2020:0944", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-9215", datePublished: "2019-02-28T04:00:00", dateReserved: "2019-02-27T00:00:00", dateUpdated: "2024-08-04T21:38:46.622Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-6934
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 17:53
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/65139 | vdb-entry, x_refsource_BID
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:53:45.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "65139", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/65139", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-11-29T00:00:00", descriptions: [ { lang: "en", value: "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-29T18:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "65139", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/65139", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-6934", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "65139", refsource: "BID", url: "http://www.securityfocus.com/bid/65139", }, { name: "http://www.live555.com/liveMedia/public/changelog.txt", refsource: "CONFIRM", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", refsource: "MISC", url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-6934", datePublished: "2014-01-23T21:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T17:53:45.351Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7732
Vulnerability from cvelistv5
Published
2019-02-11 17:00
Modified
2024-08-04 20:54
Summary
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
References
URL | Tags
---|---
https://github.com/rgaufman/live555/issues/20 | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:54:28.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/rgaufman/live555/issues/20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-11T00:00:00", descriptions: [ { lang: "en", value: "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-11T17:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/rgaufman/live555/issues/20", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7732", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/rgaufman/live555/issues/20", refsource: "MISC", url: "https://github.com/rgaufman/live555/issues/20", }, ], }, }, }, }, cveMetadata: { 
assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7732", datePublished: "2019-02-11T17:00:00", dateReserved: "2019-02-11T00:00:00", dateUpdated: "2024-08-04T20:54:28.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-6933
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 17:53
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
References
URL | Tags
---|---
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | x_refsource_MISC
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T17:53:45.948Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-11-26T00:00:00", descriptions: [ { lang: "en", value: "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-01-23T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2013-6933", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The parseRTSPRequestString function in Live Networks 
Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.live555.com/liveMedia/public/changelog.txt", refsource: "CONFIRM", url: "http://www.live555.com/liveMedia/public/changelog.txt", }, { name: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", refsource: "MISC", url: "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2013-6933", datePublished: "2014-01-23T21:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T17:53:45.948Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }