ID CVE-2019-7314
Summary liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
References
Vulnerable Configurations
  • cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*
    cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 21-03-2019 - 16:01)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update
debian DSA-4408
misc
mlist [debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update
Last major update 21-03-2019 - 16:01
Published 04-02-2019 - 02:29
Back to Top