Live555

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65407 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVE-2025-65408 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS fi...Show more A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.Show less
CVE-2025-65406 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVE-2025-65405 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVE-2025-65404 1Live555 1Streaming Media Dec 23, 2025 Dec 1, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVE-2023-37117 1Live555 1Live555 Nov 21, 2024 Jan 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
CVE-2021-41396 1Live555 1Live555 Nov 21, 2024 Jul 12, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker...Show more Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.Show less
CVE-2021-39283 1Live555 1Live555 Nov 21, 2024 Aug 18, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVE-2021-39282 1Live555 1Live555 Nov 21, 2024 Aug 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2021-38382 1Live555 1Live555 Nov 21, 2024 Aug 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38381 1Live555 1Live555 Nov 21, 2024 Aug 10, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38380 1Live555 1Live555 Nov 21, 2024 Aug 10, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
CVE-2021-28899 1Live555 1Streaming Media Nov 21, 2024 Apr 29, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 20...Show more Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.Show less
CVE-2020-24027 1Live555 1Liblivemedia Nov 21, 2024 Jan 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
CVE-2019-15232 1Live555 1Streaming Media Nov 21, 2024 Aug 20, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demulti...Show more Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.Show less
CVE-2019-9215 3Debian Live555Opensuse 4Backports Sle Debian LinuxLeap+1 more Nov 21, 2024 Feb 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
CVE-2019-7733 1Live555 1Streaming Media Nov 21, 2024 Feb 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
CVE-2019-7732 1Live555 1Streaming Media Nov 21, 2024 Feb 11, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
CVE-2019-7314 2Debian Live555 2Debian Linux Streaming Media Nov 21, 2024 Feb 4, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentati...Show more liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-6256 2Debian Live555 2Debian Linux Live555 Media Server Nov 21, 2024 Jan 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is su...Show more A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.Show less

12 Next