Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-04-29
Updated
2021-05-11
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Max CVSS
9.8
EPSS Score
0.24%
Published
2019-08-20
Updated
2023-03-29
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
Max CVSS
9.8
EPSS Score
3.16%
Published
2019-02-28
Updated
2022-04-22
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
Max CVSS
7.5
EPSS Score
0.13%
Published
2019-02-11
Updated
2020-05-15
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
Max CVSS
7.5
EPSS Score
0.10%
Published
2019-02-11
Updated
2020-08-24
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
Max CVSS
9.8
EPSS Score
2.64%
Published
2019-02-04
Updated
2020-07-07
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Max CVSS
7.5
EPSS Score
87.71%
Published
2014-01-23
Updated
2019-09-12
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Max CVSS
7.5
EPSS Score
89.64%
Published
2014-01-23
Updated
2019-09-12
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!