Vulnerability Details CVE-2019-7314
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html
- http://www.live555.com/liveMedia/public/changelog.txt
- https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html
- https://seclists.org/bugtraq/2019/Mar/22
- https://security.gentoo.org/glsa/202005-06
- https://www.debian.org/security/2019/dsa-4408
- http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html
- http://www.live555.com/liveMedia/public/changelog.txt
- https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html
- https://seclists.org/bugtraq/2019/Mar/22
- https://security.gentoo.org/glsa/202005-06
- https://www.debian.org/security/2019/dsa-4408
Products affected by CVE-2019-7314
-
cpe:2.3:a:live555:streaming_media:-
-
cpe:2.3:a:live555:streaming_media:0.1
-
cpe:2.3:a:live555:streaming_media:0.15
-
cpe:2.3:a:live555:streaming_media:0.18
-
cpe:2.3:a:live555:streaming_media:0.19
-
cpe:2.3:a:live555:streaming_media:0.20
-
cpe:2.3:a:live555:streaming_media:0.30
-
cpe:2.3:a:live555:streaming_media:0.40
-
cpe:2.3:a:live555:streaming_media:0.42
-
cpe:2.3:a:live555:streaming_media:0.50
-
cpe:2.3:a:live555:streaming_media:0.60
-
cpe:2.3:a:live555:streaming_media:0.62
-
cpe:2.3:a:live555:streaming_media:0.63
-
cpe:2.3:a:live555:streaming_media:0.64
-
cpe:2.3:a:live555:streaming_media:0.65
-
cpe:2.3:a:live555:streaming_media:0.66
-
cpe:2.3:a:live555:streaming_media:0.67
-
cpe:2.3:a:live555:streaming_media:0.68
-
cpe:2.3:a:live555:streaming_media:0.70
-
cpe:2.3:a:live555:streaming_media:0.71
-
cpe:2.3:a:live555:streaming_media:0.72
-
cpe:2.3:a:live555:streaming_media:0.73
-
cpe:2.3:a:live555:streaming_media:0.74
-
cpe:2.3:a:live555:streaming_media:0.75
-
cpe:2.3:a:live555:streaming_media:0.76
-
cpe:2.3:a:live555:streaming_media:0.77
-
cpe:2.3:a:live555:streaming_media:0.78
-
cpe:2.3:a:live555:streaming_media:0.80
-
cpe:2.3:a:live555:streaming_media:0.81
-
cpe:2.3:a:live555:streaming_media:0.82
-
cpe:2.3:a:live555:streaming_media:0.83
-
cpe:2.3:a:live555:streaming_media:0.84
-
cpe:2.3:a:live555:streaming_media:0.85
-
cpe:2.3:a:live555:streaming_media:0.87
-
cpe:2.3:a:live555:streaming_media:0.88
-
cpe:2.3:a:live555:streaming_media:0.89
-
cpe:2.3:a:live555:streaming_media:0.90
-
cpe:2.3:a:live555:streaming_media:0.91
-
cpe:2.3:a:live555:streaming_media:0.92
-
cpe:2.3:a:live555:streaming_media:0.93
-
cpe:2.3:a:live555:streaming_media:0.94
-
cpe:2.3:o:debian:debian_linux:8.0