Vulnerability Details CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 7.1
References
- http://aluigi.altervista.org/adv/live555x-adv.txt
- http://secunia.com/advisories/27711
- http://secunia.com/advisories/29356
- http://security.gentoo.org/glsa/glsa-200803-22.xml
- http://www.live555.com/liveMedia/public/changelog.txt
- http://www.securityfocus.com/archive/1/483910/100/0/threaded
- http://www.securityfocus.com/bid/26488
- http://www.vupen.com/english/advisories/2007/3939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38542
- http://aluigi.altervista.org/adv/live555x-adv.txt
- http://secunia.com/advisories/27711
- http://secunia.com/advisories/29356
- http://security.gentoo.org/glsa/glsa-200803-22.xml
- http://www.live555.com/liveMedia/public/changelog.txt
- http://www.securityfocus.com/archive/1/483910/100/0/threaded
- http://www.securityfocus.com/bid/26488
- http://www.vupen.com/english/advisories/2007/3939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38542
Products affected by CVE-2007-6036
-
cpe:2.3:a:live555:media_server:*