CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
91.5%
Severity: Critical
Date : 2019-05-31
CVE-ID : CVE-2019-7314 CVE-2019-7733
Package : live-media
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-870
The package live-media before version 2019.05.12-1 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.
Upgrade to 2019.05.12-1.
The problems have been fixed upstream in version 2019.05.12.
None.
liblivemedia in Live555 before 2019.02.03 mishandles the termination of
an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could
lead to a use-after-free error that causes the RTSP server to crash
(Segmentation fault) or possibly have unspecified other impact.
In Live555 0.95, a setup packet can cause a memory leak leading to DoS
because, when there are multiple instances of a single field (username,
realm, nonce, uri, or response), only the last instance can ever be
freed.
A remote attacker can cause a crash or execute arbitrary code on the
affected host via a crafted stream packet.
http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
http://www.live555.com/liveMedia/public/changelog.txt
https://github.com/rgaufman/live555/issues/21
https://security.archlinux.org/CVE-2019-7314
https://security.archlinux.org/CVE-2019-7733
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | live-media | < 2019.05.12-1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
91.5%