This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Detail
Vendor: live555
Product: Streaming Media
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
Type: Application
First view: 2014-01-23
Last view: 2021-04-29

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:* 5
cpe:2.3:a:live555:streaming_media:2013-10-22:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-24:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-18:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-16:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-09-07:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-08-31:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-08-28:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-08-16:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-08-15:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-04-23:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-04-22:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-04-21:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-04-16:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-01-22:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-01-21:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-01-19:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-01-18:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-11-22:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-11-17:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-11-16:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-11-08:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-09-13:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-09-12:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-09-11:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-09-07:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-02-27:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-03:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-02:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-10-01:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-09-30:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-07-03:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-06-30:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-06-18:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-06-14:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-04-01:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-03-31:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-03-23:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-03-07:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2013-11-25:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-12-24:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-12-23:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-12-22:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-12-21:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-10-18:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-10-17:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-10-16:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-10-12:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-08-20:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2012-08-17:*:*:*:*:*:*:* 4

Related : CVE

  Date Alert Description
7.5 2021-04-29 CVE-2021-28899

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsession OnDemandServerMediaSubsession subclasses in Live Networks LIVE555 Streaming Media before 2021.3.16.

9.8 2019-08-19 CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

9.8 2019-02-27 CVE-2019-9215

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

7.5 2019-02-11 CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

7.5 2019-02-11 CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

9.8 2019-02-03 CVE-2019-7314

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

7.5 2014-01-23 CVE-2013-6934

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.

7.5 2014-01-23 CVE-2013-6933

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-416 Use After Free
28% (2) CWE-189 Numeric Errors
14% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
14% (1) CWE-190 Integer Overflow or Wraparound
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:26500 Denial of service and possibly execute arbitrary code via a space or tab char...
oval:org.mitre.oval:def:24040 VLC Media Player RTSP Processing "parseRTSPRequestString()" Buffer Overflow V...

Snort® IPS/IDS

Date Description
2019-09-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 51040 - Type : FILE-MULTIMEDIA - Revision : 1
2014-04-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 30215 - Type : FILE-MULTIMEDIA - Revision : 5

Nessus® Vulnerability Scanner

id Description
2014-11-06 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201411-01.nasl - Type: ACT_GATHER_INFO
2014-02-04 Name: The remote Windows host contains a media player that is affected by a buffer ...
File: vlc_2_1_2.nasl - Type: ACT_GATHER_INFO