This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor live555 First view 2014-01-23
Product Streaming Media Last view 2019-08-19
Version 2012-09-11 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:live555:streaming_media

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-08-19 CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

9.8 2019-02-27 CVE-2019-9215

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

7.5 2014-01-23 CVE-2013-6933

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CWE : Common Weakness Enumeration

%idName
25% (1) CWE-416 Use After Free
25% (1) CWE-189 Numeric Errors
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25% (1) CWE-20 Improper Input Validation

Snort® IPS/IDS

Date Description
2019-09-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 51040 - Type : FILE-MULTIMEDIA - Revision : 1
2014-04-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 30215 - Type : FILE-MULTIMEDIA - Revision : 5

Nessus® Vulnerability Scanner

id Description
2014-02-04 Name: The remote Windows host contains a media player that is affected by a buffer ...
File: vlc_2_1_2.nasl - Type: ACT_GATHER_INFO