Skip to main content

Streaming Media

13 CVEs product

Monthly

CVE-2025-65407 MEDIUM POC PATCH This Month

A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.

Denial Of Service Memory Corruption Use After Free Ubuntu Debian +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65408 MEDIUM POC PATCH This Month

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.

Denial Of Service Null Pointer Dereference Ubuntu Debian Streaming Media +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65406 MEDIUM POC PATCH This Month

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

Heap Overflow Denial Of Service Buffer Overflow Ubuntu Debian +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65405 MEDIUM POC PATCH This Month

A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.

Denial Of Service Memory Corruption Use After Free Ubuntu Debian +2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65404 MEDIUM POC PATCH This Month

A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.

Denial Of Service Buffer Overflow Ubuntu Debian Streaming Media +1
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-28899 HIGH This Week

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-15232 CRITICAL Act Now

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Streaming Media
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-9215 CRITICAL Act Now

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media Backports Sle Leap Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-7733 HIGH POC This Week

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Streaming Media
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2019-7732 HIGH This Week

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-7314 CRITICAL Act Now

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Streaming Media Debian Linux
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2013-6934 HIGH POC This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE Streaming Media Vlc Media Player
NVD
CVSS 2.0
7.5
EPSS
4.0%
CVE-2013-6933 HIGH This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Streaming Media
NVD
CVSS 2.0
7.5
EPSS
3.4%
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.

Denial Of Service Null Pointer Dereference Ubuntu +3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.

Heap Overflow Denial Of Service Buffer Overflow +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.

Denial Of Service Memory Corruption Use After Free +4
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.

Denial Of Service Buffer Overflow Ubuntu +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media Backports Sle +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Streaming Media
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Streaming Media
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +2
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service RCE +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy