Vulnerabilities > Live555

DATE CVE VULNERABILITY TITLE RISK
2021-08-18 CVE-2021-39283 Reachable Assertion vulnerability in Live555
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
network
live555 CWE-617
4.3
2021-08-18 CVE-2021-39282 Missing Release of Resource after Effective Lifetime vulnerability in Live555
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
network
low complexity
live555 CWE-772
5.0
2021-08-10 CVE-2021-38382 Use After Free vulnerability in Live555
Live555 through 1.08 does not handle Matroska and Ogg files properly.
network
live555 CWE-416
4.3
2021-08-10 CVE-2021-38381 Use After Free vulnerability in Live555
Live555 through 1.08 does not handle MPEG-1 or 2 files properly.
network
live555 CWE-416
4.3
2021-08-10 CVE-2021-38380 Out-of-bounds Read vulnerability in Live555
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read.
network
low complexity
live555 CWE-125
5.0
2021-04-29 CVE-2021-28899 Unspecified vulnerability in Live555 Streaming Media
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
network
low complexity
live555
5.0
2021-01-11 CVE-2020-24027 Out-of-bounds Write vulnerability in Live555 Liblivemedia 20200625
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
network
low complexity
live555 CWE-787
7.5
2019-08-20 CVE-2019-15232 Use After Free vulnerability in Live555 Streaming Media
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
network
low complexity
live555 CWE-416
7.5
2019-02-28 CVE-2019-9215 Improper Input Validation vulnerability in Live555 Streaming Media
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
network
low complexity
live555 CWE-20
7.5
2019-02-11 CVE-2019-7732 Memory Leak vulnerability in Live555 Streaming Media 0.95
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
network
low complexity
live555 CWE-401
5.0