VulnerableCode Package Details - pkg:deb/debian/liblivemedia@2016.11.28-1%2Bdeb9u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2mez-px2g-vufk	A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.	CVE-2019-6256
VCID-b949-e8ze-jbga	In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.	CVE-2019-9215
VCID-dxx4-qmfe-3ygd	liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.	CVE-2019-7314
VCID-jafn-x9hp-sfgq	An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.	CVE-2018-4013

Vulnerability

Summary

Aliases

VCID-2mez-px2g-vufk

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.

CVE-2019-6256

VCID-b949-e8ze-jbga

In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.

CVE-2019-9215

VCID-dxx4-qmfe-3ygd

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

CVE-2019-7314

VCID-jafn-x9hp-sfgq

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

CVE-2018-4013

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T11:04:37.736979+00:00	Debian Oval Importer	Fixing	VCID-2mez-px2g-vufk	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T11:01:42.607750+00:00	Debian Oval Importer	Fixing	VCID-b949-e8ze-jbga	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:59:30.454518+00:00	Debian Oval Importer	Fixing	VCID-jafn-x9hp-sfgq	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0
2025-08-01T10:55:07.663298+00:00	Debian Oval Importer	Fixing	VCID-dxx4-qmfe-3ygd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	37.0.0