UxPlay Double Free Vulnerability in RTSP Request Handling
Vulnerability
A double free vulnerability has been identified in UxPlay version 1.72, specifically within its RTSP request handling. This vulnerability allows a remote attacker to send a crafted RTSP TEARDOWN request that triggers multiple calls to free() on the same memory address. Such exploitation can lead to heap corruption, causing a denial-of-service condition by crashing the application. Additionally, this vulnerability may be exploitable for arbitrary code execution.
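The defensive pattern for this bug class, as an added example that is not UxPlay's code or its fix: a teardown handler that releases a session buffer exactly once, however many times TEARDOWN is processed. The `rtsp_session_t` struct and all function names are hypothetical, and the example assumes the repeated free comes from teardown releasing the same buffer more than once.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical session object; field names are illustrative, not UxPlay's. */
typedef struct {
    unsigned char *stream_buf;   /* per-stream heap buffer */
    size_t         stream_len;
    int            torn_down;    /* set once resources are released */
} rtsp_session_t;

/* Constructed helper: allocate a session with one zeroed stream buffer. */
rtsp_session_t *session_new(size_t len) {
    rtsp_session_t *s = calloc(1, sizeof(*s));
    if (!s) return NULL;
    s->stream_buf = calloc(1, len);
    if (!s->stream_buf) { free(s); return NULL; }
    s->stream_len = len;
    return s;
}

/* Unsafe pattern (never called here): the pointer stays dangling after
 * free(), so handling TEARDOWN again frees the same address a second time. */
void teardown_unsafe(rtsp_session_t *s) {
    free(s->stream_buf);
}

/* Hardened: release once, clear the pointer, record state. Returns 1 if this call freed memory. */
int teardown_safe(rtsp_session_t *s) {
    if (!s || s->torn_down) return 0;
    free(s->stream_buf);
    s->stream_buf = NULL;        /* free(NULL) is a no-op if reached again */
    s->stream_len = 0;
    s->torn_down = 1;
    return 1;
}

/* Process TEARDOWN n times on one session; returns how many calls released memory. */
int handle_teardown_repeated(rtsp_session_t *s, int n) {
    int released = 0;
    for (int i = 0; i < n; i++) released += teardown_safe(s);
    return released;
}

int main(void) {
    rtsp_session_t *s = session_new(64);
    int released = s ? handle_teardown_repeated(s, 3) : -1;
    free(s);
    return released == 1 ? 0 : 1;   /* exactly one release expected */
}
```

Building with `-fsanitize=address` and swapping in `teardown_unsafe` makes the sanitizer report the second free, which is a quick way to confirm a fix in a test harness.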
Impact
Exploitation of this vulnerability can cause a denial-of-service condition by crashing the application. According to the discoverer, it could also be exploited for arbitrary code execution.
