CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.0%
The updated live, mplayer, vlc packages fix security vulnerabilities: liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-7314) In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. (CVE-2019-9215) Mplayer and VLC has been rebuilt against new live packages. Also, VLC has been updated to version 3.0.6.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 6 | noarch | live | < 2019.03.06-1 | live-2019.03.06-1.mga6 |
Mageia | 6 | noarch | mplayer | < 1.3.0-14 | mplayer-1.3.0-14.mga6 |
Mageia | 6 | noarch | vlc | < 3.0.6-1 | vlc-3.0.6-1.mga6 |
Mageia | 6 | noarch | mplayer | < 1.3.0-14 | mplayer-1.3.0-14.mga6.tainted |
Mageia | 6 | noarch | vlc | < 3.0.6-1 | vlc-3.0.6-1.mga6.tainted |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
92.0%