375 matches found
CVE-2013-6934
CVE-2013-6934 affects VLC Media Player via the Live555 liblivemedia RTSP implementation. The issue arises in parseRTSPRequestString: a space at the beginning of an RTSP message can trigger an integer underflow, an infinite loop, and a buffer overflow, potentially crashing the application or enabl...
CVE-2013-6933
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 space or 2 tab character at the beginning of an...
Gentoo Security Advisory GLSA 200803-22 (live)
The remote host is missing updates announced in advisory GLSA 200803-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200803-22 (live)
The remote host is missing updates announced in advisory GLSA 200803-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-200803-22 : LIVE555 Media Server: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200803-22 LIVE555 Media Server: Denial of Service Luigi Auriemma reported a signedness error in the parseRTSPRequestString function when processing short RTSP queries. Impact : A remote attacker could send a specially crafted RTSP...
FreeBSD : liveMedia -- DoS vulnerability (821afaa2-9e9a-11dc-a7e3-0016360406fa)
The live555 development team reports : Fixed a bounds-checking error in 'parseRTSPRequestString' caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...
LIVE555媒体服务器ParseRTSPRequestString远程拒绝服务漏洞
BUGTRAQ ID: 26488 LIVE555 Media Server是一款RTSP服务器程序,可提供各种媒体文件流服务。 LIVE555媒体服务器在处理畸形的请求数据时存在漏洞,远程攻击者可能利用此漏洞导致服务器不可用。 LIVE555媒体服务器的parseRTSPRequestString函数没有检查客户端数据的数量(reqStrSize)是否大于或等于8字节。因为该函数使用了无符数字,因此7 - 8不是-1而是4294967295,这就导致到达了分配内存的末尾而出现崩溃。以下是liveMedia/RTSPCommon文件中有漏洞的代码: Boolean...
CVE-2007-6036
The CVE-2007-6036 vulnerability affects LIVE555 Media Server up to version 2007.11.01, where parseRTSPRequestString mishandles short RTSP queries, allowing remote actors to trigger a daemon crash (DoS) by causing a negative value during memory allocation. Affected product: LIVE555 Media Server (p...
LIVE555 Media Server ParseRTSPRequestString远程拒绝服务漏洞
LIVE555 Media Server是一款RTSP媒体服务程序。 LIVE555 Media Server处理客户端畸形RTSP查询存在问题,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 问题是对客户端提供的数据reqStrSize缺少正确检查,函数使用无符号数据,因此"7 - 8"不是-1而是4294967295,导致内存破坏而造成拒绝服务攻击。 LIVE555 Media Server 2007.11.1 升级程序: LIVE555 Media Server 2007.11.1 LIVE555 FreeBSD on Intel x86 processors:...
liveMedia -- DoS vulnerability
The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...
[Full-disclosure] Crash in LIVE555 Media Server 2007.11.01
Luigi Auriemma Application: LIVE555 Media Server http://www.live555.com/mediaServer/ Versions: = 2007.11.01 Platforms: nix, Windows, Mac and others Bug: crash caused by access to unallocated memory Exploitation: remote, versus server Date: 18 Nov 2007 Author: Luigi Auriemma e-mail:...
LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service source: https://www.securityfocus.com/bid/26488/info LIVE555 Media Server is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this...
LIVE555 Media Server < 2007.11.18 DoS
Binary data 4289.prm...
LIVE555 media server DoS
Uninitialized memory reading on RTSP query processing...
LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
source: https://www.securityfocus.com/bid/26488/info LIVE555 Media Server is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions. LIVE555...