PT-2025-48494 · Unknown · Live555 Streaming Media

Heng Zhang · Published 2025-12-01 · Updated 2025-12-23 · CVE-2025-65408

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Live555 Streaming Media version 2018.09.02

Description

A flaw exists in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function that can lead to a Denial of Service (DoS). This occurs when processing a specially crafted ADTS file. Sending a crafted AAC/ADTS request to Live555 Streaming Media RTSP servers can cause them to crash remotely without requiring authentication.

Recommendations

Restrict untrusted network traffic to the server. Disable the AAC demo stream. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2025-65408

Affected Products

Live555 Streaming Media