rgaufman/live555

rgaufman/live555

Releases0

Stars808

A mirror of the live555 source code.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-1200 ↗	Feb 18, 2026Wednesday, 18 February 2026, 21:16	6.3 MEDIUM	—
A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.
CVE-2025-65407 ↗	Dec 1, 2025Monday, 1 December 2025, 19:15	6.5 MEDIUM	—
A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream.
CVE-2025-65406 ↗	Dec 1, 2025Monday, 1 December 2025, 17:15	6.5 MEDIUM	—
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
CVE-2025-65408 ↗	Dec 1, 2025Monday, 1 December 2025, 17:15	6.5 MEDIUM	—
A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file.
CVE-2025-65404 ↗	Dec 1, 2025Monday, 1 December 2025, 16:15	6.5 MEDIUM	—
A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream.
CVE-2025-65405 ↗	Dec 1, 2025Monday, 1 December 2025, 16:15	6.5 MEDIUM	—
A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file.
CVE-2019-7732 ↗	Feb 11, 2019Monday, 11 February 2019, 17:29	—	5 MEDIUM
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
CVE-2019-7733 ↗	Feb 11, 2019Monday, 11 February 2019, 17:29	—	5 MEDIUM
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
CVE-2019-6256 ↗	Jan 14, 2019Monday, 14 January 2019, 08:29	—	7.5 HIGH
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.