彙總 live555 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 記憶體損壞與緩衝區溢位 等問題,部分漏洞可能導致 記憶體損壞,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-65407 | A use-after-free in the MPEG1or2Demux::newElementaryStream() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG Program stream. | [email protected] | 6.5 | 0.26% | 2025-12-01 | 2026-06-17 |
| CVE-2025-65408 | A NULL pointer dereference in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS file. | [email protected] | 6.5 | 0.26% | 2025-12-01 | 2026-06-17 |
| CVE-2025-65406 | A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file. | [email protected] | 6.5 | 0.27% | 2025-12-01 | 2026-06-17 |
| CVE-2025-65405 | A use-after-free in the ADTSAudioFileSource::samplingFrequency() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ADTS/AAC file. | [email protected] | 6.5 | 0.26% | 2025-12-01 | 2026-06-17 |
| CVE-2025-65404 | A buffer overflow in the getSideInfo2() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via a crafted MP3 stream. | [email protected] | 6.5 | 0.27% | 2025-12-01 | 2026-06-17 |
| CVE-2023-37117 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. | [email protected] | 9.8 | 0.87% | 2024-01-12 | 2026-06-17 |
| CVE-2021-41396 | Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack. | [email protected] | 7.5 | 1.28% | 2022-07-12 | 2026-06-17 |
| CVE-2021-39283 | liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands. | [email protected] | 5.5 | 0.86% | 2021-08-18 | 2026-06-17 |
| CVE-2021-39282 | Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | [email protected] | 7.5 | 1.53% | 2021-08-18 | 2026-06-17 |
| CVE-2021-38382 | Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | [email protected] | 6.5 | 1.19% | 2021-08-10 | 2026-06-17 |
| CVE-2021-38381 | Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash. | [email protected] | 6.5 | 1.19% | 2021-08-10 | 2026-06-17 |
| CVE-2021-38380 | Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack. | [email protected] | 7.5 | 1.53% | 2021-08-10 | 2026-06-17 |
| CVE-2021-28899 | Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16. | [email protected] | 7.5 | 1.09% | 2021-04-29 | 2026-06-16 |
| CVE-2020-24027 | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time. | [email protected] | 9.8 | 1.61% | 2021-01-11 | 2026-06-16 |
| CVE-2019-15232 | Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors. | [email protected] | 9.8 | 1.72% | 2019-08-19 | 2026-06-16 |
| CVE-2019-9215 | In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | [email protected] | 9.8 | 2.17% | 2019-02-27 | 2026-06-16 |
| CVE-2019-7733 | In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove. | [email protected] | 7.5 | 1.58% | 2019-02-11 | 2026-06-16 |
| CVE-2019-7732 | In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed. | [email protected] | 7.5 | 1.40% | 2019-02-11 | 2026-06-16 |
| CVE-2019-7314 | liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. | [email protected] | 9.8 | 3.19% | 2019-02-03 | 2026-06-16 |
| CVE-2019-6256 | A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. | [email protected] | 9.8 | 2.41% | 2019-01-14 | 2026-06-16 |