VYPR
Vendor: Live555

Products: 5
CVEs: 23
Across products: 29
Status: Private

Recent CVEs

  • CVE-2023-37117 | Critical | Jan 12, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

  • CVE-2019-15232 | Critical | Aug 20, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.

  • CVE-2019-9215 | Critical | Feb 28, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

  • CVE-2019-7314 | Critical | Feb 4, 2019
    risk 0.64 | cvss 9.8 | epss 0.03

    liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

  • CVE-2019-6256 | Critical | Jan 14, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request…

  • CVE-2018-4013 | Critical | Oct 19, 2018
    risk 0.64 | cvss 9.8 | epss 0.09

    An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger…

  • CVE-2021-41396 | High | Jul 12, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.

  • CVE-2021-39282 | High | Aug 18, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.

  • CVE-2021-38380 | High | Aug 10, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.

  • CVE-2021-28899 | High | Apr 29, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.

  • CVE-2019-7733 | High | Feb 11, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

  • CVE-2019-7732 | High | Feb 11, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

  • CVE-2021-38382 | Medium | Aug 10, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.

  • CVE-2021-38381 | Medium | Aug 10, 2021
    risk 0.42 | cvss 6.5 | epss 0.01

    Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.

  • CVE-2021-39283 | Medium | Aug 18, 2021
    risk 0.36 | cvss 5.5 | epss 0.01

    liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.

  • CVE-2007-6036 | Nov 20, 2007
    risk 0.03 | cvss (not listed) | epss 0.04

    The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

  • CVE-2013-6934 | Jan 23, 2014
    risk 0.02 | cvss (not listed) | epss 0.28

    The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP…

  • CVE-2013-6933 | Jan 23, 2014
    risk 0.01 | cvss (not listed) | epss 0.17

    The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character…

  • CVE-2025-65406 | Dec 1, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

  • CVE-2025-65404 | Dec 1, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.