Heng Zhang

**Name of the Vulnerable Software and Affected Versions** Live555 Streaming Media version 2018.09.02 **Description** A use-after-free issue exists in the `ADTSAudioFileSource::samplingFrequency()` function of Live555 Streaming Media. This flaw allows attackers to trigger a Denial of Service (DoS) by providing a specially crafted ADTS/AAC file. Exploitation of this issue can cause a remote crash of an RTSP server. **Recommendations** Update Live555 Streaming Media to a newer version that addresses this issue. As a temporary workaround, consider isolating the service to limit potential impact.

**Name of the Vulnerable Software and Affected Versions** Live555 Streaming Media version 2018.09.02 **Description** A flaw exists in the `ADTSAudioFileServerMediaSubsession::createNewRTPSink()` function that can lead to a Denial of Service (DoS). This occurs when processing a specially crafted ADTS file. Sending a crafted AAC/ADTS request to Live555 Streaming Media RTSP servers can cause them to crash remotely without requiring authentication. **Recommendations** Restrict untrusted network traffic to the server. Disable the AAC demo stream. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Live555 Streaming Media version 2018.09.02 **Description** A use-after-free issue exists in the `MPEG1or2Demux::newElementaryStream()` function. This allows attackers to cause a Denial of Service (DoS) by providing a crafted MPEG Program stream. **Recommendations** Update to the latest release to address this issue.

**Name of the Vulnerable Software and Affected Versions** Live555 Streaming Media version 2018.09.02 **Description** A buffer overflow exists in the `getSideInfo2()` function of Live555 Streaming Media. This issue allows attackers to cause a Denial of Service (DoS) by sending a specially crafted MP3 stream. The vulnerability does not require authentication. **Recommendations** Upgrade to the latest Live555 Streaming Media version. Block untrusted audio streams.

**Name of the Vulnerable Software and Affected Versions** Live555 Streaming Media version 2018.09.02 **Description** A heap overflow exists in the `MatroskaFile::createRTPSinkForTrackNumber()` function when processing crafted MKV files. This can lead to a Denial of Service (DoS). The issue affects the parsing of Matroska files and allows remote attackers to crash RTSP servers without requiring login credentials. **Recommendations** Update to the latest Live555 Streaming Media version. Block untrusted streams.

**Name of the Vulnerable Software and Affected Versions** hdf5 version 1.14.6 **Description** A heap buffer overflow was discovered via the H5Z filter scaleoffset function. **Recommendations** For version 1.14.6, consider disabling the H5Z filter scaleoffset function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** hdf5 version 1.14.6 **Description** A heap buffer overflow issue was discovered via the H5VM memcpyvv function. **Recommendations** For version 1.14.6, consider restricting the use of the H5VM memcpyvv function until a patch is available.