Search Results (26 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-34058 1 Live555 1 Streaming Media 2026-07-14 N/A
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.
CVE-2026-41470 2 Live555, Live Networks 2 Live555, Live555 2026-07-14 5.9 Medium
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP connection without authentication, causing server crashes through virtual function call errors or disrupting active streams by terminating victim sessions.
CVE-2007-6036 1 Live555 1 Media Server 2026-04-23 N/A
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
CVE-2025-65404 1 Live555 1 Streaming Media 2025-12-23 6.5 Medium
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVE-2025-65405 1 Live555 1 Streaming Media 2025-12-23 6.5 Medium
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVE-2025-65406 1 Live555 2 Live555, Streaming Media 2025-12-23 6.5 Medium
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVE-2025-65408 1 Live555 1 Streaming Media 2025-12-23 6.5 Medium
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
CVE-2025-65407 1 Live555 1 Streaming Media 2025-12-23 6.5 Medium
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVE-2013-6933 1 Live555 1 Streaming Media 2025-04-11 N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
CVE-2013-6934 2 Live555, Videolan 2 Streaming Media, Vlc Media Player 2025-04-11 N/A
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
CVE-2023-37117 1 Live555 1 Live555 2024-11-21 9.8 Critical
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
CVE-2021-41396 1 Live555 1 Live555 2024-11-21 7.5 High
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.
CVE-2021-39283 1 Live555 1 Live555 2024-11-21 5.5 Medium
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVE-2021-39282 1 Live555 1 Live555 2024-11-21 7.5 High
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2021-38382 1 Live555 1 Live555 2024-11-21 6.5 Medium
Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38381 1 Live555 1 Live555 2024-11-21 6.5 Medium
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
CVE-2021-38380 1 Live555 1 Live555 2024-11-21 7.5 High
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
CVE-2021-28899 1 Live555 1 Streaming Media 2024-11-21 7.5 High
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.
CVE-2020-24027 1 Live555 1 Liblivemedia 2024-11-21 9.8 Critical
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.
CVE-2019-9215 3 Debian, Live555, Opensuse 4 Debian Linux, Streaming Media, Backports Sle and 1 more 2024-11-21 9.8 Critical
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.