Vulmon Recent Vulnerabilities Trends Blog About Contact
7.5
CVSSv2

CVE-2019-7314

Published: 04/02/2019 Updated: 07/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Streaming Media

Vulnerability Summary

liblivemedia in Live555 prior to 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

live555 streaming media

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash
Debian Bug report logs - #924656 liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash Package: src:liblivemedia; Maintainer for src:liblivemedia is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Hugo Lefeuvre <hle@debianorg> Date: Fri, 1 ...
Debian Security Advisories: DSA-4408-1 liblivemedia -- security update
Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream For the stable distribution (stretch), these problems have been fixed in version 20161128-1+deb9u2 We recommend that you upgrade yo ...
Arch Linux Issues:
liblivemedia in Live555 before 20190203 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact ...
Arch Linux Advisories: [ASA-201905-17] live-media: multiple issues
Arch Linux Security Advisory ASA-201905-17 ========================================== Severity: Critical Date : 2019-05-31 CVE-ID : CVE-2019-7314 CVE-2019-7733 Package : live-media Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-870 Summary ======= The package live-media before version 20190512-1 is vul ...

Mailing Lists

Bugtraq: [SECURITY] [DSA 4408-1] liblivemedia security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4408-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff March 17, 2019 wwwdebianorg/security/faq ...

Github Repositories

aflnet

AFLNet: A Greybox Fuzzer for Network Protocols (https://thuanpv.github.io/publications/AFLNet_ICST20.pdf)

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

References

CWE-416http://lists.live555.com/pipermail/live-devel/2019-February/021143.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.htmlhttp://www.live555.com/liveMedia/public/changelog.txthttps://lists.debian.org/debian-lts-announce/2019/02/msg00037.htmlhttps://seclists.org/bugtraq/2019/Mar/22https://security.gentoo.org/glsa/202005-06https://www.debian.org/security/2019/dsa-4408https://tools.cisco.com/security/center/viewAlert.x?alertId=59550https://github.com/aflnet/aflnethttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
overflowCVE-2021-24122firewallCVE-2021-21010CVE-2021-0219CVE-2020-14101HTML injectionCVE-2020-6207envira galleryCVE-2021-0220enviragallery