All the vulnerabilities related to live555 - streaming_media
cve-2019-9215
Vulnerability from cvelistv5
Published
2019-02-28 04:00
Modified
2024-08-04 21:38
Severity ?
EPSS score ?
Summary
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
References
URL | Tags | |
---|---|---|
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC | |
https://seclists.org/bugtraq/2019/Mar/22 | mailing-list, x_refsource_BUGTRAQ | |
https://www.debian.org/security/2019/dsa-4408 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:38:46.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html" }, { "name": "openSUSE-SU-2019:1797", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "name": "openSUSE-SU-2020:0944", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-07T05:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html" }, { "name": "openSUSE-SU-2019:1797", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "name": "openSUSE-SU-2020:0944", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9215", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In 
Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "MISC", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html" }, { "name": "openSUSE-SU-2019:1797", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-06" }, { "name": "openSUSE-SU-2020:0944", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9215", "datePublished": "2019-02-28T04:00:00", "dateReserved": "2019-02-27T00:00:00", "dateUpdated": "2024-08-04T21:38:46.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15232
Vulnerability from cvelistv5
Published
2019-08-19 23:57
Modified
2024-08-05 00:42
Severity ?
EPSS score ?
Summary
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
References
URL | Tags | |
---|---|---|
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:42:04.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202005-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-14T23:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202005-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15232", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is 
mishandled by the MPEG1or2 and Matroska file demultiplexors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "MISC", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "GLSA-202005-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15232", "datePublished": "2019-08-19T23:57:37", "dateReserved": "2019-08-19T00:00:00", "dateUpdated": "2024-08-05T00:42:04.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6934
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/65139 | vdb-entry, x_refsource_BID | |
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM | |
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65139", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65139" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "65139", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65139" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65139" }, { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "CONFIRM", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", "refsource": "MISC", "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6934", "datePublished": "2014-01-23T21:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T17:53:45.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7732
Vulnerability from cvelistv5
Published
2019-02-11 17:00
Modified
2024-08-04 20:54
Severity ?
EPSS score ?
Summary
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
References
URL | Tags | |
---|---|---|
https://github.com/rgaufman/live555/issues/20 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:54:28.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rgaufman/live555/issues/20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-11T17:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rgaufman/live555/issues/20" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7732", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/rgaufman/live555/issues/20", "refsource": "MISC", "url": "https://github.com/rgaufman/live555/issues/20" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7732", "datePublished": "2019-02-11T17:00:00", "dateReserved": "2019-02-11T00:00:00", "dateUpdated": "2024-08-04T20:54:28.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-28899
Vulnerability from cvelistv5
Published
2021-04-29 14:08
Modified
2024-08-03 21:55
Severity ?
EPSS score ?
Summary
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media before 2021.3.16.
References
URL | Tags | |
---|---|---|
http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:55:11.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-29T14:08:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28899", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html", "refsource": "MISC", "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28899", "datePublished": "2021-04-29T14:08:31", "dateReserved": "2021-03-19T00:00:00", "dateUpdated": "2024-08-03T21:55:11.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7314
Vulnerability from cvelistv5
Published
2019-02-04 02:00
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
References
URL | Tags | |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html | mailing-list, x_refsource_MLIST | |
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC | |
http://lists.live555.com/pipermail/live-devel/2019-February/021143.html | x_refsource_MISC | |
https://seclists.org/bugtraq/2019/Mar/22 | mailing-list, x_refsource_BUGTRAQ | |
https://www.debian.org/security/2019/dsa-4408 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:46:46.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "openSUSE-SU-2019:1797", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "name": "openSUSE-SU-2020:0944", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": 
"liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-07T05:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "openSUSE-SU-2019:1797", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "name": "openSUSE-SU-2020:0944", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": 
"cve@mitre.org", "ID": "CVE-2019-7314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" }, { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "MISC", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html", "refsource": "MISC", "url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html" }, { "name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "name": "DSA-4408", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4408" }, { "name": "openSUSE-SU-2019:1797", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "name": "openSUSE-SU-2019:1880", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "name": "GLSA-202005-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-06" }, 
{ "name": "openSUSE-SU-2020:0944", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7314", "datePublished": "2019-02-04T02:00:00", "dateReserved": "2019-02-03T00:00:00", "dateUpdated": "2024-08-04T20:46:46.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-7733
Vulnerability from cvelistv5
Published
2019-02-11 17:00
Modified
2024-08-04 20:54
Severity ?
EPSS score ?
Summary
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
References
URL | Tags | |
---|---|---|
https://github.com/rgaufman/live555/issues/21 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202005-06 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:54:28.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rgaufman/live555/issues/21" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202005-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-14T23:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rgaufman/live555/issues/21" }, { "name": "GLSA-202005-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202005-06" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7733", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/rgaufman/live555/issues/21", "refsource": "MISC", "url": "https://github.com/rgaufman/live555/issues/21" }, { "name": "GLSA-202005-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-06" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-7733", "datePublished": "2019-02-11T17:00:00", "dateReserved": "2019-02-11T00:00:00", "dateUpdated": "2024-08-04T20:54:28.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6933
Vulnerability from cvelistv5
Published
2014-01-23 21:00
Modified
2024-08-06 17:53
Severity ?
EPSS score ?
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
References
URL | Tags | |
---|---|---|
http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM | |
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:53:45.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-26T00:00:00", "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-23T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.live555.com/liveMedia/public/changelog.txt", "refsource": "CONFIRM", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "name": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html", "refsource": "MISC", "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6933", "datePublished": "2014-01-23T21:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T17:53:45.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-08-20 00:15
Modified
2024-11-21 04:28
Severity: 9.8 CRITICAL (CVSS 3.1 base score, from the NVD primary metrics in the record below)
Summary
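Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. Note for version matching: the CPE entry in the record below writes the fixed release as versionEndExcluding "2019-08-16", with hyphens rather than the dotted form used in this summary, so compare installed versions against both spellings.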
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202005-06 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202005-06 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", "matchCriteriaId": "485C442E-F46F-4515-A1A2-3044CFEAF01D", "versionEndExcluding": "2019-08-16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors." }, { "lang": "es", "value": "Live555 versiones anteriores a 2019.08.16, presenta un uso de la memoria previamente liberada porque la funci\u00f3n GenericMediaServer::createNewClientSessionWithId puede generar el mismo ID de sesi\u00f3n de cliente en sucesi\u00f3n, el cual es manejado inapropiadamente por los demultiplexores de archivos MPEG1or2 y Matroska." } ], "id": "CVE-2019-15232", "lastModified": "2024-11-21T04:28:15.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-20T00:15:10.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202005-06" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-29 15:15
Modified
2024-11-21 06:00
Severity: 7.5 HIGH (CVSS 3.1 base score, from the NVD primary metrics in the record below)
Summary
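Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession subclasses of OnDemandServerMediaSubsession in Live Networks LIVE555 Streaming Media before 2021.3.16. The description does not name the flaw type; the NVD CVSS 3.1 vector in the record below (C:N/I:N/A:H) rates the impact as availability only.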
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.live555.com/pipermail/live-devel/2021-March/021891.html | Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A3FA48C-510C-481C-8091-C3FF9412F577", "versionEndExcluding": "2021.3.16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16." }, { "lang": "es", "value": "Una vulnerabilidad en las subclases AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession y AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession en redes LIVE555 Streaming Media versiones anteriores a 2021.3.16" } ], "id": "CVE-2021-28899", "lastModified": "2024-11-21T06:00:21.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2021-04-29T15:15:10.987", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-11 17:29
Modified
2024-11-21 04:48
Severity: 7.5 HIGH (CVSS 3.0 base score, from the NVD primary metrics in the record below)
Summary
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/rgaufman/live555/issues/21 | Exploit, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/202005-06 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rgaufman/live555/issues/21 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202005-06 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 0.95 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "D7EFF72B-05B5-48D0-B5AA-C8BFD85F2CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove." }, { "lang": "es", "value": "En Live555 0.95, hay un desbordamiento de b\u00fafer mediante un entero largo en una cabecera HTTP Content-Length debido a que handleRequestBytes tiene un memmove no restringido." } ], "id": "CVE-2019-7733", "lastModified": "2024-11-21T04:48:36.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-11T17:29:00.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/rgaufman/live555/issues/21" }, { "source": 
"cve@mitre.org", "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/rgaufman/live555/issues/21" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202005-06" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-11 17:29
Modified
2024-11-21 04:48
Severity: 7.5 HIGH (CVSS 3.0 base score, from the NVD primary metrics in the record below)
Summary
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/rgaufman/live555/issues/20 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/rgaufman/live555/issues/20 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 0.95 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "D7EFF72B-05B5-48D0-B5AA-C8BFD85F2CBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed." }, { "lang": "es", "value": "En Live555 0.95, un paquete de instalaci\u00f3n puede provocar una fuga de memoria y una denegaci\u00f3n de servicio (DoS). Esto se debe a que, cuando hay m\u00faltiples instancias de un \u00fanico campo (username, realm, nonce, uri o response), solo se puede liberar la \u00faltima instancia." } ], "id": "CVE-2019-7732", "lastModified": "2024-11-21T04:48:36.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-02-11T17:29:00.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/rgaufman/live555/issues/20" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/rgaufman/live555/issues/20" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-401" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-23 21:55
Modified
2024-11-21 01:59
Severity: 7.5 HIGH (CVSS 2.0 base score; the NVD metrics in the record below carry no CVSS 3.x rating)
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65139 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | 2013-11-26 | |
videolan | vlc_media_player | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-26:*:*:*:*:*:*:*", "matchCriteriaId": "DCB033D9-C10C-428C-A7EF-DCF113967A19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CC766DE-C9B4-4067-B90F-37DBB63EEFE0", "versionEndExcluding": "2.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933." }, { "lang": "es", "value": "La funci\u00f3n parseRTSPRequestString en Live Networks Live555 Streaming Media 2013.11.26, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un car\u00e1cter en blanco en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de b\u00fafer. NOTA: esta vulnerabilidad existe por una soluci\u00f3n incompleta en CVE-2013-6933." 
} ], "id": "CVE-2013-6934", "lastModified": "2024-11-21T01:59:59.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-23T21:55:04.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65139" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-28 04:29
Modified
2024-11-21 04:51
Severity: 9.8 CRITICAL (CVSS 3.1 base score, from the NVD primary metrics in the record below)
Summary
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * | |
opensuse | backports_sle | 15.0 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", "matchCriteriaId": "52BDFAC3-D07D-487F-AAA3-1CE56E69E8A8", "versionEndExcluding": "2019.02.27", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "D83DA865-E4A6-4FBF-AA1B-A969EBA6B2AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function." }, { "lang": "es", "value": "En Live555, antes del 27/02/2019, cabeceras mal formadas conducen a un acceso de memoria inv\u00e1lida en la funci\u00f3n parseAuthorizationHeader." 
} ], "id": "CVE-2019-9215", "lastModified": "2024-11-21T04:51:13.577", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-28T04:29:00.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html" }, { "source": 
"cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2019/dsa-4408" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-02-04 02:29
Modified
2024-11-21 04:47
Severity: 9.8 CRITICAL (CVSS 3.0 base score, from the NVD primary metrics in the record below)
Summary
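liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. Note for version matching: the CPE entry in the record below gives the bound as versionEndExcluding "0.95" rather than the date-based 2019.02.03 named here, so an inventory check keyed on only one of the two version forms may miss affected installs.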
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
live555 | streaming_media | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BF3B1D8-8081-4080-B68B-0AD7D4D3D1CC", "versionEndExcluding": "0.95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact." }, { "lang": "es", "value": "liblivemedia en Live555, antes del 03/02/2019, gestiona de manera incorrecta la terminaci\u00f3n de una transmisi\u00f3n RTSP despu\u00e9s de que RTP/RTCP-over-RTSP se configura, lo que podr\u00eda provocar un error de uso de memoria previamente liberada que causa el cierre inesperado del servidor RTSP (fallo de segmentaci\u00f3n) o potencialmente tiene otro impacto no especificado." 
} ], "id": "CVE-2019-7314", "lastModified": "2024-11-21T04:47:59.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-04T02:29:00.247", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" }, { "source": 
"cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Mar/22" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202005-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4408" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-6933: vulnerability from fkie_nvd
Published
2014-01-23 21:55
Modified
2024-11-21 01:59
Severity: 7.5 HIGH (CVSS v2, AV:N/AC:L/Au:N/C:P/I:P/A:P, as given in the NVD metrics of the record below)
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:live555:streaming_media:2011-08-13:*:*:*:*:*:*:*", "matchCriteriaId": "A45002A7-F124-431B-AA70-56229E1317A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-08-20:*:*:*:*:*:*:*", "matchCriteriaId": "8E1CAC51-7C4C-42B9-8156-E20C4385BC3B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-08-22:*:*:*:*:*:*:*", "matchCriteriaId": "4BF7B64A-6494-458B-9FB3-38A88D08EDC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-09-02:*:*:*:*:*:*:*", "matchCriteriaId": "C16C555C-3151-4FFC-B268-83DC402132C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-09-19:*:*:*:*:*:*:*", "matchCriteriaId": "B7377FA8-4D34-4BE4-9202-D70305A62CE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-10-05:*:*:*:*:*:*:*", "matchCriteriaId": "3C9B8790-AF24-488A-93C2-0901E4992BDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-10-09:*:*:*:*:*:*:*", "matchCriteriaId": "408A3979-ED61-43C9-9F38-A37E62EBC834", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-10-18:*:*:*:*:*:*:*", "matchCriteriaId": "5E7BB08A-2A7D-4045-B057-2F446701BDEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-10-27:*:*:*:*:*:*:*", "matchCriteriaId": "E4211BB5-36B3-4CD0-8CB0-AD94DC89069B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-11-02:*:*:*:*:*:*:*", "matchCriteriaId": "EB5EEBB5-3475-4C83-AF1E-DC2C60BE9AE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-11-08:*:*:*:*:*:*:*", "matchCriteriaId": "B58FD629-EC62-48A7-837C-41E63A8E81B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-11-20:*:*:*:*:*:*:*", "matchCriteriaId": "A865F441-3309-45F4-8FE9-56BA1D8DC904", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2011-11-27:*:*:*:*:*:*:*", "matchCriteriaId": "B6FAF3F7-297D-49B2-A606-9DD42CD0CC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-11-28:*:*:*:*:*:*:*", "matchCriteriaId": "365E8422-54C5-4C17-979C-92B7BDF5A483", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-11-29:*:*:*:*:*:*:*", "matchCriteriaId": "6143D0D4-A079-44B9-A62D-2B934B0F9B20", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-12-02:*:*:*:*:*:*:*", "matchCriteriaId": "94C05920-3B27-413F-89AF-528312411D29", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-12-19:*:*:*:*:*:*:*", "matchCriteriaId": "4E282208-3FEF-4BD3-B564-3C1DD310FA05", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-12-20:*:*:*:*:*:*:*", "matchCriteriaId": "3C551AB2-DEA7-46C7-A2F8-EF077A23F64E", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2011-12-23:*:*:*:*:*:*:*", "matchCriteriaId": "D0F9FE29-7073-4810-B942-F2BE9F4D7B6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-01-07:*:*:*:*:*:*:*", "matchCriteriaId": "B05F8751-3319-49AF-878B-6BEA691B652C", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-01-13:*:*:*:*:*:*:*", "matchCriteriaId": "00CCB938-B838-49A7-A870-2DAF807D1BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-01-25:*:*:*:*:*:*:*", "matchCriteriaId": "2F2D389E-A724-4C5F-AB89-E1B4B776F767", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-01-26:*:*:*:*:*:*:*", "matchCriteriaId": "B22B204A-34BB-43B6-B149-7DB6EF68465A", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-02-03:*:*:*:*:*:*:*", "matchCriteriaId": "41359A64-534C-48AA-A83F-3C67A97AD951", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-02-04:*:*:*:*:*:*:*", "matchCriteriaId": 
"DD9D9EF4-3955-4F06-B2C1-9885033B6C93", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-02-29:*:*:*:*:*:*:*", "matchCriteriaId": "22107008-9BFE-40BF-BFF2-97071713F705", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-03-20:*:*:*:*:*:*:*", "matchCriteriaId": "7607FB28-FE81-42AC-A9EC-9176D2328154", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-03-22:*:*:*:*:*:*:*", "matchCriteriaId": "408AEECF-6A81-4362-B8E8-459A0B3D93A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-04-04:*:*:*:*:*:*:*", "matchCriteriaId": "819CD2BE-9E4F-4F2E-BC1A-DFA1948DE7C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-04-18:*:*:*:*:*:*:*", "matchCriteriaId": "BA171CDE-C0F6-4F95-BBC0-00037FD6A279", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-04-21:*:*:*:*:*:*:*", "matchCriteriaId": "EACDE24D-7EB7-4145-B06F-EEC1D0E21C11", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-04-26:*:*:*:*:*:*:*", "matchCriteriaId": "D4345E1E-94F8-4EFA-A207-AE44E19D059E", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-04-27:*:*:*:*:*:*:*", "matchCriteriaId": "39D0D99A-255C-482E-BEBB-18AB6831EE5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-05-03:*:*:*:*:*:*:*", "matchCriteriaId": "301DC911-664A-450B-8224-7DAFEEAEAE00", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-05-11:*:*:*:*:*:*:*", "matchCriteriaId": "A75A91C9-60BA-4736-98A6-B7B1EF856298", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-05-17:*:*:*:*:*:*:*", "matchCriteriaId": "1A6AE62B-C794-4A4D-98D0-5CFFE34E4C6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-06-12:*:*:*:*:*:*:*", "matchCriteriaId": "30D2DC4F-CC65-4397-8898-418A3A72A743", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2012-06-17:*:*:*:*:*:*:*", "matchCriteriaId": "1CA6C606-092B-4DA4-B0BD-436536156A1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-06-23:*:*:*:*:*:*:*", "matchCriteriaId": "25AB9956-4EE8-44FE-BD6A-0334AE0D72CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-06-26:*:*:*:*:*:*:*", "matchCriteriaId": "234283EC-9044-4B67-A5C3-C4C001617425", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-03:*:*:*:*:*:*:*", "matchCriteriaId": "0BB315D3-A712-47AE-88BF-78EFEE5C989E", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-06:*:*:*:*:*:*:*", "matchCriteriaId": "7591CFB0-6555-4F62-AC84-FE1802DE5BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-14:*:*:*:*:*:*:*", "matchCriteriaId": "05A7723D-8A04-43FB-AA4D-815A3D2FE448", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-18:*:*:*:*:*:*:*", "matchCriteriaId": "96D1E140-20CE-435F-8687-2BDAAF0C0629", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-24:*:*:*:*:*:*:*", "matchCriteriaId": "03C3D7F2-CABD-4416-8B97-04EC4CDE69BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-07-26:*:*:*:*:*:*:*", "matchCriteriaId": "148C690D-E3F7-481F-9615-47269D77DB84", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-08:*:*:*:*:*:*:*", "matchCriteriaId": "0D82AF84-B20E-462A-B6F3-34C73002C7EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-12:*:*:*:*:*:*:*", "matchCriteriaId": "C2AC27FF-849D-4FBE-A285-A49A975BADC1", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-17:*:*:*:*:*:*:*", "matchCriteriaId": "48BB8222-AFBA-46CD-93B0-D89160026C75", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-20:*:*:*:*:*:*:*", "matchCriteriaId": 
"82073CFD-5F7F-4B8A-A6E6-0763C5588FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-28:*:*:*:*:*:*:*", "matchCriteriaId": "4616FBAF-C807-4A2E-B406-6BBDB947EAB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-29:*:*:*:*:*:*:*", "matchCriteriaId": "C3652119-67CF-40AF-B3D0-40CF67B32DE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-30:*:*:*:*:*:*:*", "matchCriteriaId": "EDF68CA0-A754-4F84-8FE6-AD854FB94A24", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-08-31:*:*:*:*:*:*:*", "matchCriteriaId": "9DE80D63-1E2A-4AAB-A6CC-02FBAEE7FF53", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-06:*:*:*:*:*:*:*", "matchCriteriaId": "96C14DFC-1C57-48E3-84E7-52520CA06B38", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-07:*:*:*:*:*:*:*", "matchCriteriaId": "BBBD037D-9F90-47DE-B658-FBFDC6D72590", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-11:*:*:*:*:*:*:*", "matchCriteriaId": "885F579E-4921-460B-B086-947D6D395E63", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-12:*:*:*:*:*:*:*", "matchCriteriaId": "B9CBE3E6-4D9D-4691-BB20-03C1CBFAF524", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-13:*:*:*:*:*:*:*", "matchCriteriaId": "D5B6E3F3-917C-4AAA-9C4D-D31B32093B64", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-09-27:*:*:*:*:*:*:*", "matchCriteriaId": "B1E28B3B-0DE2-4C8D-B0F2-792881C783EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-01:*:*:*:*:*:*:*", "matchCriteriaId": "AD0D25E5-5573-406D-96A0-97AAC1B2D2C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-04:*:*:*:*:*:*:*", "matchCriteriaId": "DFFE9F37-51BB-40B5-9689-4A913F3A7D69", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2012-10-11:*:*:*:*:*:*:*", "matchCriteriaId": "A6C98716-D615-4CC6-85A0-8FEBD4C66B9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-12:*:*:*:*:*:*:*", "matchCriteriaId": "624C8DB6-ACB5-43A9-B2BB-AC9379532176", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-16:*:*:*:*:*:*:*", "matchCriteriaId": "140F7963-B3CA-4A93-89A1-49E3346B2C67", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-17:*:*:*:*:*:*:*", "matchCriteriaId": "643AA143-E7D3-4C7B-9C1A-0109EC4A9FED", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-18:*:*:*:*:*:*:*", "matchCriteriaId": "2E75B333-4256-43AF-972B-0E2CA1C16F3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-21:*:*:*:*:*:*:*", "matchCriteriaId": "BE6DA613-DDA6-436D-B292-C3123E67896D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-22:*:*:*:*:*:*:*", "matchCriteriaId": "B28E104E-718E-4844-807D-3AB19E745450", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-10-24:*:*:*:*:*:*:*", "matchCriteriaId": "0B6FAD95-A908-4ABE-B79D-B4BC3E4F0A42", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-05:*:*:*:*:*:*:*", "matchCriteriaId": "F0E84364-76D0-40A2-80DC-CF8059F9C8D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-08:*:*:*:*:*:*:*", "matchCriteriaId": "2743E88A-7597-4E4F-8117-00FD92C151AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-16:*:*:*:*:*:*:*", "matchCriteriaId": "E8991D05-7738-45D2-9194-7A82EDDD23CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-17:*:*:*:*:*:*:*", "matchCriteriaId": "80E3C636-6520-4FB7-ABAB-3E3CF9D013A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-22:*:*:*:*:*:*:*", "matchCriteriaId": 
"6CF97BA1-966A-4A5B-A7B6-9C519539D31B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-28:*:*:*:*:*:*:*", "matchCriteriaId": "EBEA38E0-1D63-4C27-8660-148755938656", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-29:*:*:*:*:*:*:*", "matchCriteriaId": "6C109135-BE9F-4A8A-9E11-7CC8BF61865A", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-11-30:*:*:*:*:*:*:*", "matchCriteriaId": "0B47795D-1D08-4DEB-98A0-FEA0429733A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-15:*:*:*:*:*:*:*", "matchCriteriaId": "94F93171-E67D-4237-8F78-C7C99129464C", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-18:*:*:*:*:*:*:*", "matchCriteriaId": "1E002F2D-EA2A-482D-9D1B-163B65945B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-21:*:*:*:*:*:*:*", "matchCriteriaId": "81BD15D0-6358-4D95-AD41-DD35C6018F0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-22:*:*:*:*:*:*:*", "matchCriteriaId": "B023AE91-C984-4248-8A72-27DA625EBD0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-23:*:*:*:*:*:*:*", "matchCriteriaId": "3E2DAB59-5654-44CF-A59D-A403DA481B59", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2012-12-24:*:*:*:*:*:*:*", "matchCriteriaId": "AD733052-9F7E-46C6-A8CF-9F3285914407", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-03:*:*:*:*:*:*:*", "matchCriteriaId": "185AB6DE-C619-4E5F-8527-939FC4DA6F29", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-04:*:*:*:*:*:*:*", "matchCriteriaId": "96DA2E4B-0C3B-4FFD-9E39-BA1914799F75", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-05:*:*:*:*:*:*:*", "matchCriteriaId": "687B7EFD-4360-4D21-BC41-3B30BC56DC0E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2013-01-15:*:*:*:*:*:*:*", "matchCriteriaId": "D74612DF-3789-4B2B-9E5C-885D0ED5694C", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-18:*:*:*:*:*:*:*", "matchCriteriaId": "E0528143-59F1-4935-9ACC-E244E023329A", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-19:*:*:*:*:*:*:*", "matchCriteriaId": "F819C1AB-A740-4B12-A24A-E3C8A1AC4ABE", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-21:*:*:*:*:*:*:*", "matchCriteriaId": "8427A9A7-E1DA-49CD-B4D7-C7B28BC2A9F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-22:*:*:*:*:*:*:*", "matchCriteriaId": "D446D9E6-FEAC-44EB-8BD2-06123A5707AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-23:*:*:*:*:*:*:*", "matchCriteriaId": "EFC79E8E-0E83-4925-965B-A36EE4DB62EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-01-25:*:*:*:*:*:*:*", "matchCriteriaId": "B4F886AC-41A5-4632-87AD-9AA8A2FE5442", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-02-05:*:*:*:*:*:*:*", "matchCriteriaId": "2C33655C-ADF7-4ECA-8B1D-608AFCBF6859", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-02-11:*:*:*:*:*:*:*", "matchCriteriaId": "C75EA3CA-18CC-4F1F-8F6F-2AF1B01FC035", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-02-27:*:*:*:*:*:*:*", "matchCriteriaId": "DE38C2B2-6018-4713-BCA1-F54D921E9E6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-03-07:*:*:*:*:*:*:*", "matchCriteriaId": "9D254451-D21B-47BF-B741-10AAD224158F", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-03-23:*:*:*:*:*:*:*", "matchCriteriaId": "D6E8FDED-C6AD-4387-BEA6-C76597BD56E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-03-31:*:*:*:*:*:*:*", "matchCriteriaId": 
"A8C4E33E-B8FD-4894-A40D-53EDD1183F2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-01:*:*:*:*:*:*:*", "matchCriteriaId": "BCFEE9D6-9E7D-440C-B885-927CCC145F5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-04:*:*:*:*:*:*:*", "matchCriteriaId": "FB1DAE9E-D010-4703-B27E-5028CD8E4BF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-05:*:*:*:*:*:*:*", "matchCriteriaId": "C5C4D4E0-D759-41CE-B291-4E5F595B14B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-06:*:*:*:*:*:*:*", "matchCriteriaId": "BB2BF5EA-EEDD-46AA-9983-F100CD73E087", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-08:*:*:*:*:*:*:*", "matchCriteriaId": "DCB88E5E-DC89-44B9-9D02-8DA95E83CE90", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-16:*:*:*:*:*:*:*", "matchCriteriaId": "B726220E-DDF1-475C-972A-62E37A93CD26", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-21:*:*:*:*:*:*:*", "matchCriteriaId": "2A765DBD-AFC1-4516-BE00-DFED7A2101DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-22:*:*:*:*:*:*:*", "matchCriteriaId": "D037880F-345F-48B7-8A04-4DC317C54E59", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-23:*:*:*:*:*:*:*", "matchCriteriaId": "AB8A9B5B-C622-4625-BD67-BDC4CE637B20", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-29:*:*:*:*:*:*:*", "matchCriteriaId": "9B8C271F-C431-4EE5-A09A-1E15A4F93876", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-04-30:*:*:*:*:*:*:*", "matchCriteriaId": "58DDCF4F-0587-4D02-A4E9-D1F83C3984F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-05-30:*:*:*:*:*:*:*", "matchCriteriaId": "6A850872-3945-4D6F-B2B3-E9D7F89229AB", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2013-06-06:*:*:*:*:*:*:*", "matchCriteriaId": "3DA561AB-0613-47A5-A949-1768485EE26E", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-06-14:*:*:*:*:*:*:*", "matchCriteriaId": "EFCB9354-0EF3-4311-95E9-4CF2D1219C43", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-06-18:*:*:*:*:*:*:*", "matchCriteriaId": "5D97303C-47CA-4D13-BF22-FDB183F00C06", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-06-30:*:*:*:*:*:*:*", "matchCriteriaId": "10D8F54D-9479-4815-83E0-A4BE57791853", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-07-03:*:*:*:*:*:*:*", "matchCriteriaId": "641BE714-8505-460F-B640-96B75C02EDE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-07-16:*:*:*:*:*:*:*", "matchCriteriaId": "6BF158FC-6142-4FD2-9488-CC9C4A9F3A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-07-30:*:*:*:*:*:*:*", "matchCriteriaId": "21FF1062-3B6E-4D9C-B1C3-C101024714F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-07-31:*:*:*:*:*:*:*", "matchCriteriaId": "549A17E1-26A6-431F-9F3A-AFA2283903B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-08-05:*:*:*:*:*:*:*", "matchCriteriaId": "FEA2C834-B47E-4072-ABB9-A1932CD812A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-08-15:*:*:*:*:*:*:*", "matchCriteriaId": "16C9ED67-5436-4C5A-888A-375EAF7E90F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-08-16:*:*:*:*:*:*:*", "matchCriteriaId": "8FB4B630-CAB2-4A04-9A3E-93ADEA354137", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-08-28:*:*:*:*:*:*:*", "matchCriteriaId": "6903E6A0-F635-451C-AAE9-B65EF193285E", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-08-31:*:*:*:*:*:*:*", "matchCriteriaId": 
"B43D6137-DCDA-4C06-B313-14C3CE70C688", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-07:*:*:*:*:*:*:*", "matchCriteriaId": "7DA25A92-102D-4AD0-95D8-4D560ABCAB08", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-08:*:*:*:*:*:*:*", "matchCriteriaId": "2D34CABE-E94C-4099-A1A4-E8924999396B", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-11:*:*:*:*:*:*:*", "matchCriteriaId": "83E551C1-53CC-4710-9BBF-A2D963A895E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-18:*:*:*:*:*:*:*", "matchCriteriaId": "D4A1A1AF-EA59-48F2-9C2D-A4932410A9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-27:*:*:*:*:*:*:*", "matchCriteriaId": "E43D7E60-F1E1-4F0A-8FEE-ADFAF50FC4C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "1E686148-D7BE-431B-BEA3-728D07E3F4A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-01:*:*:*:*:*:*:*", "matchCriteriaId": "15E3FB98-5244-48C8-9D5F-A369DC241171", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-02:*:*:*:*:*:*:*", "matchCriteriaId": "52DBF533-EE8C-42BC-B3BE-EE26239F35C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-03:*:*:*:*:*:*:*", "matchCriteriaId": "EEB2023C-351A-414B-9644-E58AD4770652", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-07:*:*:*:*:*:*:*", "matchCriteriaId": "DE99061E-1BE0-4288-8716-2DA7ADA35590", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-08:*:*:*:*:*:*:*", "matchCriteriaId": "8DFE9064-D78C-48FF-8F3C-BE1D0EB62F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-09:*:*:*:*:*:*:*", "matchCriteriaId": "2CDDCFFF-F199-47F7-9BF2-D0BFBF089D4A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:live555:streaming_media:2013-10-11:*:*:*:*:*:*:*", "matchCriteriaId": "FF4B49E0-9D17-476C-AF28-18E127E20BE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-16:*:*:*:*:*:*:*", "matchCriteriaId": "46648DEC-C6F4-483A-B54F-1B1F28F72C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-18:*:*:*:*:*:*:*", "matchCriteriaId": "D998881F-71F9-46F7-A321-EC59D0CCCED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-22:*:*:*:*:*:*:*", "matchCriteriaId": "A61BFD6F-71DB-4B78-A706-D20420168194", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-24:*:*:*:*:*:*:*", "matchCriteriaId": "2F64B625-03DB-4303-9DF5-64950424A851", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-10-25:*:*:*:*:*:*:*", "matchCriteriaId": "A6FE1F55-879F-4A20-A00C-91F629B8327D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-06:*:*:*:*:*:*:*", "matchCriteriaId": "F73E3573-8106-47DD-9805-CE83B511B520", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-10:*:*:*:*:*:*:*", "matchCriteriaId": "C8175E96-F154-46F8-A36D-A54FAE855DF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-14:*:*:*:*:*:*:*", "matchCriteriaId": "8770BE3D-E999-4F28-ABA0-513485371A6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-15:*:*:*:*:*:*:*", "matchCriteriaId": "DC044B52-01E2-4E64-B3A1-1D5B9986BF58", "vulnerable": true }, { "criteria": "cpe:2.3:a:live555:streaming_media:2013-11-25:*:*:*:*:*:*:*", "matchCriteriaId": "0FE98301-634B-4FD8-9DDC-F60D4320AB50", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a 
denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow." }, { "lang": "es", "value": "La funci\u00f3n parseRTSPRequestString en Live Networks Live555 Streaming Media 2011.08.13 hasta la versi\u00f3n 2013.11.25, tal como se usa en VideoLAN VLC Media Player, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) un espacio o (2) un car\u00e1cter de tabulaci\u00f3n en el comienzo de un mensaje RTSP, lo que desencadena en un underflow de enteros, bucle infinito, y desbordamiento de b\u00fafer." } ], "id": "CVE-2013-6933", "lastModified": "2024-11-21T01:59:59.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-23T21:55:04.913", "references": [ { "source": "cve@mitre.org", "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "cve@mitre.org", "url": "http://www.live555.com/liveMedia/public/changelog.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.live555.com/liveMedia/public/changelog.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }