live555 vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-9215

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function....

Live555Streaming Media
5
CVSSv2
CVE-2019-7732

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed....

5
CVSSv2
CVE-2019-7733

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove....

7.5
CVSSv2
CVE-2019-7314

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact....

7.5
CVSSv2
CVE-2019-6256

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request...

7.5
CVSSv2
CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger...

Live555Live555 Media ServerDebianDebian Linux
10
CVSSv2
CVE-2013-4977

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string...

HikvisionDs-2cd7153-eDs-2cd7153-e Firmware
NA
CVE-2013-49823

Core Security Technologies Advisory - Multiple vulnerabilities have been found in AVTECH AVN801 DVR (and potentially other devices sharing the affected firmware) that could allow a remote attacker to exploit multiple buffer overflows resulting in arbitrary code execution or...

9
CVSSv2
CVE-2013-4981

Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the...

9
CVSSv2
CVE-2013-4980

Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an...