live-media

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Set of C++ libraries for multimedia streaming
Version 2021.08.24-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2306 2021.08.09-1 2021.08.24-1 Medium Fixed
AVG-2276 2021.07.20-1 2021.08.09-1 Medium Fixed
AVG-1448 2019.11.06-2 2021.04.06-1 Medium Fixed FS#69316
AVG-870 2018.10.17-1 2019.05.12-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2021-39283 AVG-2306 Low Yes Denial of service
liveMedia/FramedSource.cpp in live-media before version 2021.08.13 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
CVE-2021-39282 AVG-2306 Medium Yes Information disclosure
live-media before version 2021.08.13 has a memory leak in AC3AudioStreamParser for AC3 files.
CVE-2021-38382 AVG-2276 Medium Yes Arbitrary code execution
live-media before version 2021.08.06 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a...
CVE-2021-38381 AVG-2276 Medium Yes Arbitrary code execution
live-media before version 2021.08.09 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a...
CVE-2021-38380 AVG-2276 Low No Denial of service
live-media before version2021.08.04 mishandles huge requests for the same MP3 stream, leading to recursion and a stack-based buffer over- read. An attacker...
CVE-2021-28899 AVG-1448 Low Yes Denial of service
Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive...
CVE-2020-24027 AVG-1448 Medium Yes Arbitrary code execution
In live-media before version 2020.07.09, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command...
CVE-2019-7733 AVG-870 Medium Yes Denial of service
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce,...
CVE-2019-7314 AVG-870 Critical Yes Arbitrary code execution
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a...

Advisories

Date Advisory Group Severity Type
31 May 2019 ASA-201905-17 AVG-870 Critical multiple issues