This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor live555 First view 2019-02-11
Product Streaming Media Last view 2019-08-19
Version 0.95 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:live555:streaming_media

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-08-19 CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

9.8 2019-02-27 CVE-2019-9215

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

7.5 2019-02-11 CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

7.5 2019-02-11 CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-416 Use After Free
25% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
25% (1) CWE-190 Integer Overflow or Wraparound
25% (1) CWE-20 Improper Input Validation