This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : live555
Product : Streaming Media
Version :
Update :
Edition :
Language :
Software Edition :
Target Software :
Target Hardware :
Other :
Type : Application
First view : 2014-01-23
Last view : 2019-08-19

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:live555:streaming_media:0.95:*:*:*:*:*:*:* 4
cpe:2.3:a:live555:streaming_media:2011-08-13:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-08-20:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-08-22:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-09-02:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-09-19:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-10-05:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-10-09:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-10-18:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-10-27:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-02:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-08:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-20:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-27:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-28:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-11-29:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-12-02:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-12-19:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-12-20:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2011-12-23:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-01-07:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-01-13:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-01-25:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-01-26:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-02-03:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-02-04:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-02-29:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-03-20:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-03-22:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-04-04:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-04-18:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-04-21:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-04-26:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-04-27:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-05-03:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-05-11:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-05-17:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-06-12:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-06-17:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-06-23:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-06-26:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-03:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-06:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-14:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-18:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-24:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-07-26:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-08-08:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-08-12:*:*:*:*:*:*:* 3
cpe:2.3:a:live555:streaming_media:2012-08-17:*:*:*:*:*:*:* 3

Related : CVE

  Date Alert Description
9.8 2019-08-19 CVE-2019-15232

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

9.8 2019-02-27 CVE-2019-9215

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

7.5 2019-02-11 CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

7.5 2019-02-11 CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

9.8 2019-02-03 CVE-2019-7314

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

7.5 2014-01-23 CVE-2013-6934

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.

7.5 2014-01-23 CVE-2013-6933

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CWE : Common Weakness Enumeration

% id Name
25% (2) CWE-416 Use After Free
25% (2) CWE-189 Numeric Errors
12% (1) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
12% (1) CWE-190 Integer Overflow or Wraparound
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:26500 Denial of service and possibly execute arbitrary code via a space or tab char...
oval:org.mitre.oval:def:24040 VLC Media Player RTSP Processing "parseRTSPRequestString()" Buffer Overflow V...

Snort® IPS/IDS

Date Description
2019-09-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 51040 - Type : FILE-MULTIMEDIA - Revision : 1
2014-04-17 VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow att...
RuleID : 30215 - Type : FILE-MULTIMEDIA - Revision : 5

Nessus® Vulnerability Scanner

id Description
2014-11-06 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201411-01.nasl - Type: ACT_GATHER_INFO
2014-02-04 Name: The remote Windows host contains a media player that is affected by a buffer ...
File: vlc_2_1_2.nasl - Type: ACT_GATHER_INFO