Description
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · textdoslinux
https://www.exploit-db.com/exploits/30776
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/483910/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38542
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-22.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29356
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27711
Various Sources x_refsource_confirm
http://www.live555.com/liveMedia/public/changelog.txt
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3939
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/live555x-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26488
Scores
EPSS
0.1390
EPSS Percentile
94.3%
Details
CWE
CWE-20
Status
published
Products (1)
live555/media_server
< 2007.11.01
Published
Nov 20, 2007
Tracked Since
Feb 18, 2026