PT-2019-1687 · Live Networks+2 · Live555+2

Published: 2019-02-04 · Updated: 2021-03-15 · CVE-2019-7314

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Live555 versions prior to 2019.02.03

Description

The issue stems from mishandling the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which can lead to a use-after-free error. This error may cause the RTSP server to crash or have unspecified other impact. A remote attacker can exploit the vulnerability to execute arbitrary code or cause a denial of service.

Recommendations

Update to version 2019.02.03 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP server to minimize the risk of exploitation.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2019-01281
CVE-2019-7314
DLA-1690-1
DSA-4408-1
MGASA-2019-0121
OPENSUSE-SU-2019:1797-1
OPENSUSE-SU-2019:1880-1
OPENSUSE-SU-2019_1797-1
OPENSUSE-SU-2020:0944-1
OPENSUSE-SU-2020_0944-1
OPENSUSE-SU-2024:11023-1
USN-4853-1

Affected Products

Live555
Suse
Ubuntu