live555 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-65407 | A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream. | [email protected] | 6.5 | 0.05% | 2025-12-01 | 2025-12-23 |
| CVE-2025-65408 | A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file. | [email protected] | 6.5 | 0.05% | 2025-12-01 | 2025-12-23 |
| CVE-2025-65406 | A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file. | [email protected] | 6.5 | 0.05% | 2025-12-01 | 2025-12-23 |
| CVE-2025-65405 | A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file. | [email protected] | 6.5 | 0.05% | 2025-12-01 | 2025-12-23 |
| CVE-2025-65404 | A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream. | [email protected] | 6.5 | 0.05% | 2025-12-01 | 2025-12-23 |
| CVE-2023-37117 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. | [email protected] | 9.8 | 0.25% | 2024-01-12 | 2024-11-21 |
| CVE-2021-41396 | Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack. | [email protected] | 7.5 | 0.43% | 2022-07-12 | 2024-11-21 |
| CVE-2021-39283 | liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. | [email protected] | 5.5 | 0.21% | 2021-08-18 | 2024-11-21 |
| CVE-2021-39282 | Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | [email protected] | 7.5 | 0.30% | 2021-08-18 | 2024-11-21 |
| CVE-2021-38382 | Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | [email protected] | 6.5 | 0.22% | 2021-08-10 | 2024-11-21 |
| CVE-2021-38381 | Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | [email protected] | 6.5 | 0.22% | 2021-08-10 | 2024-11-21 |
| CVE-2021-38380 | Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack. | [email protected] | 7.5 | 0.28% | 2021-08-10 | 2024-11-21 |
| CVE-2021-28899 | Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. | [email protected] | 7.5 | 0.39% | 2021-04-29 | 2024-11-21 |
| CVE-2020-24027 | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | [email protected] | 9.8 | 0.55% | 2021-01-11 | 2024-11-21 |
| CVE-2019-15232 | Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. | [email protected] | 9.8 | 0.71% | 2019-08-20 | 2024-11-21 |
| CVE-2019-9215 | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | [email protected] | 9.8 | 0.94% | 2019-02-28 | 2024-11-21 |
| CVE-2019-7733 | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. | [email protected] | 7.5 | 0.35% | 2019-02-11 | 2024-11-21 |
| CVE-2019-7732 | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. | [email protected] | 7.5 | 0.33% | 2019-02-11 | 2024-11-21 |
| CVE-2019-7314 | liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. | [email protected] | 9.8 | 1.39% | 2019-02-04 | 2024-11-21 |
| CVE-2019-6256 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. | [email protected] | 9.8 | 0.58% | 2019-01-14 | 2024-11-21 |