CVE-2019-7732

HIGH

Live555 0.95 - Memory Corruption

Title source: llm

Description

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

References (1)

[Third Party Advisory] https://github.com/rgaufman/live555/issues/20

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

live555/streaming_media

Timeline

Published Feb 11, 2019

Tracked Since Feb 18, 2026