CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 0CVE-2019-9215
https://notcve.org/view.php?id=CVE-2019-9215
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. En Live555, antes del 27/02/2019, cabeceras mal formadas conducen a un acceso de memoria inválida en la función parseAuthorizationHeader. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html http://www.live555.com/liveMedia/public/changelog.txt https://lists.debian.org/debian-lts-announce/2019/03/msg00022.html https://seclists.org/bugtraq/2019/Mar/22 https://security.gentoo.org/glsa/202005-06 https://www.debian.org/security/2019/dsa-4408 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-7732
https://notcve.org/view.php?id=CVE-2019-7732
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. En Live555 0.95, un paquete de instalación puede provocar una fuga de memoria y una denegación de servicio (DoS). Esto se debe a que, cuando hay múltiples instancias de un único campo (username, realm, nonce, uri o response), solo se puede liberar la última instancia. • https://github.com/rgaufman/live555/issues/20 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-7733
https://notcve.org/view.php?id=CVE-2019-7733
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. En Live555 0.95, hay un desbordamiento de búfer mediante un entero largo en una cabecera HTTP Content-Length debido a que handleRequestBytes tiene un memmove no restringido. • https://github.com/rgaufman/live555/issues/21 https://security.gentoo.org/glsa/202005-06 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2019-7314
https://notcve.org/view.php?id=CVE-2019-7314
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. liblivemedia en Live555, antes del 03/02/2019, gestiona de manera incorrecta la terminación de una transmisión RTSP después de que RTP/RTCP-over-RTSP se configura, lo que podría provocar un error de uso de memoria previamente liberada que causa el cierre inesperado del servidor RTSP (fallo de segmentación) o potencialmente tiene otro impacto no especificado. • http://lists.live555.com/pipermail/live-devel/2019-February/021143.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html http://www.live555.com/liveMedia/public/changelog.txt https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html https://seclists.org/bugtraq/2019/Mar/22 https://security.gentoo.org/glsa/20 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6256
https://notcve.org/view.php?id=CVE-2019-6256
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. Se ha descubierto una denegación de servicio (DoS) en las librerías Live555 Streaming Media tal y como se utilizan en la versión 0.93 de Live555 Media Server. Esto puede provocar el cierre inesperado de "RTSPServer" en handleHTTPCmd_TunnelingPOST cuando "tunneling" RTSP-over-HTTP es soportado mediante cabeceras HTTP en una petición GET dentro de la misma sesión TCP. • https://github.com/rgaufman/live555/issues/19 https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html https://seclists.org/bugtraq/2019/Mar/22 https://security.gentoo.org/glsa/202005-06 https://www.debian.org/security/2019/dsa-4408 • CWE-755: Improper Handling of Exceptional Conditions •