Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
24 vulnerabilities by live555
CVE-2025-65405 (GCVE-0-2025-65405)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:00 – Updated: 2025-12-01 19:31
VLAI
Summary
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65405",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:30:03.985274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:31:09.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T16:02:49.542Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rgaufman/live555"
},
{
"url": "https://shimo.im/docs/25q5XMXpOwSr8w3D"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65405",
"datePublished": "2025-12-01T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-01T19:31:09.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65407 (GCVE-0-2025-65407)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:00 – Updated: 2025-12-01 19:31
VLAI
Summary
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65407",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:24:15.753742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:31:50.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T18:14:32.640Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rgaufman/live555"
},
{
"url": "https://shimo.im/docs/VMAPLVLpzZcZvoAg"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65407",
"datePublished": "2025-12-01T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-01T19:31:50.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65408 (GCVE-0-2025-65408)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:00 – Updated: 2025-12-01 19:32
VLAI
Summary
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65408",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:30:36.082712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:32:29.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T16:49:15.846Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rgaufman/live555"
},
{
"url": "https://shimo.im/docs/VMAPLVLp57SJ92Ag"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65408",
"datePublished": "2025-12-01T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-01T19:32:29.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65406 (GCVE-0-2025-65406)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:00 – Updated: 2025-12-01 19:50
VLAI
Summary
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65406",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:50:04.959168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:50:23.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T16:12:12.468Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/rgaufman/live555"
},
{
"url": "https://shimo.im/docs/1lq7rMrp8lI1vW3e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65406",
"datePublished": "2025-12-01T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-01T19:50:23.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65404 (GCVE-0-2025-65404)
Vulnerability from cvelistv5 – Published: 2025-12-01 00:00 – Updated: 2025-12-01 19:42
VLAI
Summary
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-65404",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T19:41:21.153310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T19:42:33.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T16:05:57.827Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://shimo.im/docs/16q8xMxpPlH8Z2q7"
},
{
"url": "https://github.com/rgaufman/live555"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-65404",
"datePublished": "2025-12-01T00:00:00.000Z",
"dateReserved": "2025-11-18T00:00:00.000Z",
"dateUpdated": "2025-12-01T19:42:33.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37117 (GCVE-0-2023-37117)
Vulnerability from cvelistv5 – Published: 2024-01-12 00:00 – Updated: 2024-09-03 18:14
VLAI
Summary
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-416 - Use After Free
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-37117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-26T19:49:06.518954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:14:41.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T06:17:44.580Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37117",
"datePublished": "2024-01-12T00:00:00.000Z",
"dateReserved": "2023-06-28T00:00:00.000Z",
"dateUpdated": "2024-09-03T18:14:41.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41396 (GCVE-0-2021-41396)
Vulnerability from cvelistv5 – Published: 2022-07-11 11:38 – Updated: 2024-08-04 03:08
VLAI
Summary
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC |
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T11:38:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41396",
"datePublished": "2022-07-11T11:38:05.000Z",
"dateReserved": "2021-09-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39282 (GCVE-0-2021-39282)
Vulnerability from cvelistv5 – Published: 2021-08-18 16:59 – Updated: 2024-08-04 02:06
VLAI
Summary
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
| http://www.live555.com/liveMedia/public/changelog… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T16:59:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39282",
"datePublished": "2021-08-18T16:59:05.000Z",
"dateReserved": "2021-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:06:41.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39283 (GCVE-0-2021-39283)
Vulnerability from cvelistv5 – Published: 2021-08-18 16:58 – Updated: 2024-08-04 02:06
VLAI
Summary
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog… | x_refsource_MISC |
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T16:58:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39283",
"datePublished": "2021-08-18T16:58:53.000Z",
"dateReserved": "2021-08-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:06:41.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38380 (GCVE-0-2021-38380)
Vulnerability from cvelistv5 – Published: 2021-08-10 17:16 – Updated: 2024-08-04 01:37
VLAI
Summary
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
| http://www.live555.com/liveMedia/public/changelog… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:16:22.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38380",
"datePublished": "2021-08-10T17:16:22.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38381 (GCVE-0-2021-38381)
Vulnerability from cvelistv5 – Published: 2021-08-10 17:16 – Updated: 2024-08-04 01:37
VLAI
Summary
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
| http://www.live555.com/liveMedia/public/changelog… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:16:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38381",
"datePublished": "2021-08-10T17:16:11.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38382 (GCVE-0-2021-38382)
Vulnerability from cvelistv5 – Published: 2021-08-10 17:15 – Updated: 2024-08-04 01:37
VLAI
Summary
Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
| http://www.live555.com/liveMedia/public/changelog… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:15:59.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38382",
"datePublished": "2021-08-10T17:15:59.000Z",
"dateReserved": "2021-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28899 (GCVE-0-2021-28899)
Vulnerability from cvelistv5 – Published: 2021-04-29 14:08 – Updated: 2024-08-03 21:55
VLAI
Summary
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:11.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-29T14:08:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-March/021891.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28899",
"datePublished": "2021-04-29T14:08:31.000Z",
"dateReserved": "2021-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:55:11.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24027 (GCVE-0-2020-24027)
Vulnerability from cvelistv5 – Published: 2021-01-11 19:41 – Updated: 2024-08-04 15:05
VLAI
Summary
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC |
| http://lists.live555.com/pipermail/live-devel/202… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:05:11.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP \"PLAY\" command, when the command specifies seeking by absolute time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-11T19:41:52.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP \"PLAY\" command, when the command specifies seeking by absolute time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2020-July/021662.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24027",
"datePublished": "2021-01-11T19:41:52.000Z",
"dateReserved": "2020-08-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:05:11.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15232 (GCVE-0-2019-15232)
Vulnerability from cvelistv5 – Published: 2019-08-19 23:57 – Updated: 2024-08-05 00:42
VLAI
Summary
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:42:04.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T23:06:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15232",
"datePublished": "2019-08-19T23:57:37.000Z",
"dateReserved": "2019-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:42:04.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9215 (GCVE-0-2019-9215)
Vulnerability from cvelistv5 – Published: 2019-02-28 04:00 – Updated: 2024-08-04 21:38
VLAI
Summary
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Mar/22 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4408 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T05:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1720-1] liblivemedia security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html"
},
{
"name": "openSUSE-SU-2019:1797",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9215",
"datePublished": "2019-02-28T04:00:00.000Z",
"dateReserved": "2019-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:38:46.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7732 (GCVE-0-2019-7732)
Vulnerability from cvelistv5 – Published: 2019-02-11 17:00 – Updated: 2024-08-04 20:54
VLAI
Summary
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rgaufman/live555/issues/20 | x_refsource_MISC |
Date Public
2019-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rgaufman/live555/issues/20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-11T17:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rgaufman/live555/issues/20"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rgaufman/live555/issues/20",
"refsource": "MISC",
"url": "https://github.com/rgaufman/live555/issues/20"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7732",
"datePublished": "2019-02-11T17:00:00.000Z",
"dateReserved": "2019-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7733 (GCVE-0-2019-7733)
Vulnerability from cvelistv5 – Published: 2019-02-11 17:00 – Updated: 2024-08-04 20:54
VLAI
Summary
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/rgaufman/live555/issues/21 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2019-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rgaufman/live555/issues/21"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T23:06:19.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rgaufman/live555/issues/21"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rgaufman/live555/issues/21",
"refsource": "MISC",
"url": "https://github.com/rgaufman/live555/issues/21"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7733",
"datePublished": "2019-02-11T17:00:00.000Z",
"dateReserved": "2019-02-11T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7314 (GCVE-0-2019-7314)
Vulnerability from cvelistv5 – Published: 2019-02-04 02:00 – Updated: 2024-08-04 20:46
VLAI
Summary
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_MISC |
| http://lists.live555.com/pipermail/live-devel/201… | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Mar/22 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4408 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "openSUSE-SU-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T05:06:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "openSUSE-SU-2019:1797",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2019-February/021143.html"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "openSUSE-SU-2019:1797",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1880",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "openSUSE-SU-2020:0944",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7314",
"datePublished": "2019-02-04T02:00:00.000Z",
"dateReserved": "2019-02-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:46.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6256 (GCVE-0-2019-6256)
Vulnerability from cvelistv5 – Published: 2019-01-14 07:00 – Updated: 2024-08-04 20:16
VLAI
Summary
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://lists.debian.org/debian-lts-announce/2019… | mailing-listx_refsource_MLIST |
| https://github.com/rgaufman/live555/issues/19 | x_refsource_MISC |
| https://seclists.org/bugtraq/2019/Mar/22 | mailing-listx_refsource_BUGTRAQ |
| https://www.debian.org/security/2019/dsa-4408 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
Date Public
2019-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rgaufman/live555/issues/19"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T23:06:17.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rgaufman/live555/issues/19"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html"
},
{
"name": "https://github.com/rgaufman/live555/issues/19",
"refsource": "MISC",
"url": "https://github.com/rgaufman/live555/issues/19"
},
{
"name": "20190317 [SECURITY] [DSA 4408-1] liblivemedia security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/22"
},
{
"name": "DSA-4408",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4408"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6256",
"datePublished": "2019-01-14T07:00:00.000Z",
"dateReserved": "2019-01-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:16:24.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4013 (GCVE-0-2018-4013)
Vulnerability from cvelistv5 – Published: 2018-10-19 13:00 – Updated: 2024-09-16 22:24
VLAI
Summary
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
Severity
10 (Critical)
CWE
- Stack-based buffer overflow
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2018/dsa-4343 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.live555.com/pipermail/live-devel/201… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| https://security.gentoo.org/glsa/202005-06 | vendor-advisoryx_refsource_GENTOO |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Live Networks | LIVE555 Media Server |
Affected:
Version 0.92
|
Date Public
2018-10-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:04:28.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4343"
},
{
"name": "[live-devel] 20181017 New LIVE555 version - fixes a potential vulnerability in the RTSP server implementation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2018-October/021071.html"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1582-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LIVE555 Media Server",
"vendor": "Live Networks",
"versions": [
{
"status": "affected",
"version": "Version 0.92"
}
]
}
],
"datePublic": "2018-10-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:08:07.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4343",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4343"
},
{
"name": "[live-devel] 20181017 New LIVE555 version - fixes a potential vulnerability in the RTSP server implementation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.live555.com/pipermail/live-devel/2018-October/021071.html"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1582-1] liblivemedia security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html"
},
{
"name": "GLSA-202005-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-4013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LIVE555 Media Server",
"version": {
"version_data": [
{
"version_value": "Version 0.92"
}
]
}
}
]
},
"vendor_name": "Live Networks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4343",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4343"
},
{
"name": "[live-devel] 20181017 New LIVE555 version - fixes a potential vulnerability in the RTSP server implementation",
"refsource": "MLIST",
"url": "http://lists.live555.com/pipermail/live-devel/2018-October/021071.html"
},
{
"name": "[debian-lts-announce] 20181120 [SECURITY] [DLA 1582-1] liblivemedia security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html"
},
{
"name": "GLSA-202005-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-06"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-4013",
"datePublished": "2018-10-19T13:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:24:54.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6933 (GCVE-0-2013-6933)
Vulnerability from cvelistv5 – Published: 2014-01-23 21:00 – Updated: 2024-08-06 17:53
VLAI
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM |
| http://isecpartners.github.io/fuzzing/vulnerabili… | x_refsource_MISC |
Date Public
2013-11-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-23T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html",
"refsource": "MISC",
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6933",
"datePublished": "2014-01-23T21:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6934 (GCVE-0-2013-6934)
Vulnerability from cvelistv5 – Published: 2014-01-23 21:00 – Updated: 2024-08-06 17:53
VLAI
Summary
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/65139 | vdb-entryx_refsource_BID |
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM |
| http://isecpartners.github.io/fuzzing/vulnerabili… | x_refsource_MISC |
Date Public
2013-11-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "65139",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "65139",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "65139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65139"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html",
"refsource": "MISC",
"url": "http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6934",
"datePublished": "2014-01-23T21:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6036 (GCVE-0-2007-6036)
Vulnerability from cvelistv5 – Published: 2007-11-20 11:00 – Updated: 2024-08-07 15:54
VLAI
Summary
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/483910/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://security.gentoo.org/glsa/glsa-200803-22.xml | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/29356 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/27711 | third-party-advisoryx_refsource_SECUNIA |
| http://www.live555.com/liveMedia/public/changelog.txt | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2007/3939 | vdb-entryx_refsource_VUPEN |
| http://aluigi.altervista.org/adv/live555x-adv.txt | x_refsource_MISC |
| http://www.securityfocus.com/bid/26488 | vdb-entryx_refsource_BID |
Date Public
2007-11-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071118 Crash in LIVE555 Media Server 2007.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/483910/100/0/threaded"
},
{
"name": "live555-rtsp-dos(38542)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38542"
},
{
"name": "GLSA-200803-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-22.xml"
},
{
"name": "29356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29356"
},
{
"name": "27711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "ADV-2007-3939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3939"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/live555x-adv.txt"
},
{
"name": "26488",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26488"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071118 Crash in LIVE555 Media Server 2007.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/483910/100/0/threaded"
},
{
"name": "live555-rtsp-dos(38542)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38542"
},
{
"name": "GLSA-200803-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-22.xml"
},
{
"name": "29356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29356"
},
{
"name": "27711",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "ADV-2007-3939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3939"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/live555x-adv.txt"
},
{
"name": "26488",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26488"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071118 Crash in LIVE555 Media Server 2007.11.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/483910/100/0/threaded"
},
{
"name": "live555-rtsp-dos(38542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38542"
},
{
"name": "GLSA-200803-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-22.xml"
},
{
"name": "29356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29356"
},
{
"name": "27711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27711"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "ADV-2007-3939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3939"
},
{
"name": "http://aluigi.altervista.org/adv/live555x-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/live555x-adv.txt"
},
{
"name": "26488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26488"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6036",
"datePublished": "2007-11-20T11:00:00.000Z",
"dateReserved": "2007-11-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:54:26.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}