CVE-2007-6036

Published: Nov 20, 2007Modified: Apr 23, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

Affected (1)

Products: Live555: Media Server

Live555

1 product

Media Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Live555 Media Server	Up to 2007.11.01

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://aluigi.altervista.org/adv/live555x-adv.txt

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/27711

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29356

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200803-22.xml

Source: cve@mitre.org

http://www.live555.com/liveMedia/public/changelog.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/483910/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/26488

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3939

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/38542

Source: cve@mitre.org

http://aluigi.altervista.org/adv/live555x-adv.txt