PT-2008-1591 · Lscube · Lscube Feng

Published 2008-01-04 · Updated 2018-10-15 · CVE-2007-6628

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

LScube Feng versions 0.1.15 and earlier

Description

The issue allows remote attackers to cause a denial of service, resulting in a daemon crash due to a NULL dereference. This can be achieved through either a malformed Transport header or a malformed Range header. The malformed Transport header can trigger misparsing in parse_transport_header in RTSP_setup.c, for example, by including only a "RTP/AVP;unicast;client_port" sequence. Similarly, a malformed Range header can trigger misparsing in parse_play_time_range in RTSP_Play, such as an empty Range header.

Recommendations

For LScube Feng versions 0.1.15 and earlier, consider disabling the RTSP functionality until a patch is available to prevent exploitation through malformed headers. Restrict access to the parse_transport_header and parse_play_time_range functions to minimize the risk of daemon crashes due to misparsing. Avoid using malformed Transport and Range headers in API requests to the affected RTSP endpoints.

Related Identifiers

CVE-2007-6628

Affected Products

Lscube Feng