PT-2019-6433 · Live Networks · Live555

Published: 2019-08-16 · Updated: 2023-03-29 · CVE-2019-15232

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Live555 versions prior to 2019.08.16

Description

The issue is related to a Use-After-Free error in the GenericMediaServer::createNewClientSessionWithId function, which can generate the same client session ID in succession. This is mishandled by the MPEG1or2 and Matroska file demultiplexors. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For versions prior to 2019.08.16, update to version 2019.08.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the GenericMediaServer component until a patch is available. Avoid using the createNewClientSessionWithId function in the affected GenericMediaServer component until the issue is resolved.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2024-06969
CVE-2019-15232
MGASA-2021-0313
OPENSUSE-SU-2021:0915-1
OPENSUSE-SU-2021:0937-1
OPENSUSE-SU-2021_0915-1
OPENSUSE-SU-2024:11023-1

Affected Products

Astra Linux
Live555
Suse