Vulnerabilities > Live555

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-37117 Use After Free vulnerability in Live555 2023.05.10
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
network
low complexity
live555 CWE-416
critical
9.8
2022-07-12 CVE-2021-41396 Out-of-bounds Write vulnerability in Live555
Live555 through 1.08 does not handle socket connections properly.
network
low complexity
live555 CWE-787
7.5
2021-08-18 CVE-2021-39282 Memory Leak vulnerability in Live555
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
network
low complexity
live555 CWE-401
7.5
2021-08-18 CVE-2021-39283 Reachable Assertion vulnerability in Live555
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
local
low complexity
live555 CWE-617
5.5
2021-08-10 CVE-2021-38380 Out-of-bounds Read vulnerability in Live555
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read.
network
low complexity
live555 CWE-125
7.5
2021-08-10 CVE-2021-38381 Use After Free vulnerability in Live555
Live555 through 1.08 does not handle MPEG-1 or 2 files properly.
network
low complexity
live555 CWE-416
6.5
2021-08-10 CVE-2021-38382 Use After Free vulnerability in Live555
Live555 through 1.08 does not handle Matroska and Ogg files properly.
network
low complexity
live555 CWE-416
6.5
2021-04-29 CVE-2021-28899 Unspecified vulnerability in Live555 Streaming Media
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
network
low complexity
live555
7.5
2021-01-11 CVE-2020-24027 Out-of-bounds Write vulnerability in Live555 Liblivemedia 20200625
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
network
low complexity
live555 CWE-787
critical
9.8
2019-08-20 CVE-2019-15232 Use After Free vulnerability in Live555 Streaming Media
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
network
low complexity
live555 CWE-416
critical
9.8