AVG-2276 log
| Package | live-media |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 2021.07.20-1 |
| Fixed | 2021.08.09-1 |
| Current | 2024.04.19-1 [extra] |
| Ticket | None |
| Created | Tue Aug 10 19:27:53 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-38382 | Medium | Yes | Arbitrary code execution | live-media before version 2021.08.06 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a... |
| CVE-2021-38381 | Medium | Yes | Arbitrary code execution | live-media before version 2021.08.09 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a... |
| CVE-2021-38380 | Low | No | Denial of service | live-media before version2021.08.04 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over- read. An attacker... |