Skip to main content

Ubuntu EUVDEUVD-2025-200017

| CVE-2025-65406 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2025-12-01 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 13:34 euvd
EUVD-2025-200017
Analysis Generated
Mar 15, 2026 - 13:34 vuln.today
PoC Detected
Dec 23, 2025 - 13:45 vuln.today
Public exploit code
CVE Published
Dec 01, 2025 - 17:15 nvd
MEDIUM 6.5

DescriptionCVE.org

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

Analysis

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state. This vulnerability is classified as Heap-based Buffer Overflow (CWE-122).

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

CVE-2013-6934 HIGH POC
7.5 Jan 23

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media P

CVE-2019-7733 HIGH POC
7.5 Feb 11

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestByt

CVE-2025-65407 MEDIUM POC
6.5 Dec 01

A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows atta

CVE-2025-65408 MEDIUM POC
6.5 Dec 01

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming M

CVE-2025-65405 MEDIUM POC
6.5 Dec 01

A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows

CVE-2025-65404 MEDIUM POC
6.5 Dec 01

A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Deni

CVE-2019-15232 CRITICAL
9.8 Aug 20

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the

CVE-2019-9215 CRITICAL
9.8 Feb 28

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

CVE-2019-7314 CRITICAL
9.8 Feb 04

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been

CVE-2013-6933 HIGH
7.5 Jan 23

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in V

CVE-2021-28899 HIGH
7.5 Apr 29

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaS

CVE-2019-7732 HIGH
7.5 Feb 11

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a s

Vendor StatusVendor

Ubuntu

Priority: Medium
liblivemedia
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
plucky DNE -
questing DNE -
upstream needs-triage -

Debian

liblivemedia
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

SUSE

Severity: Medium

Share

EUVD-2025-200017 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy