Streaming Media

streaming_media

Vendor: Live555 • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65407 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVE-2025-65408 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS fi...Show more A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.Show less
CVE-2025-65406 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVE-2025-65405 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVE-2025-65404 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVE-2021-28899 1Live555 1Streaming Media Nov 21, 2024 Apr 29, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 20...Show more Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.Show less
CVE-2019-15232 1Live555 1Streaming Media Nov 21, 2024 Aug 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demulti...Show more Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.Show less
CVE-2019-9215 3Debian Live555Opensuse 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
CVE-2019-7733 1Live555 1Streaming Media Nov 21, 2024 Feb 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
CVE-2019-7732 1Live555 1Streaming Media Nov 21, 2024 Feb 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
CVE-2019-7314 2Debian Live555 2Debian Linux Streaming Media Nov 21, 2024 Feb 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentati...Show more liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2013-6934 2Live555 Videolan 2Streaming Media Vlc Media Player Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...Show more The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.Show less
CVE-2013-6933 1Live555 1Streaming Media Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly...Show more The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.Show less