Live555 Streaming Media Buffer Overflow Vulnerability in MP3 Stream Processing

A buffer overflow vulnerability has been identified in the Live555 Streaming Media library version 2018.09.02, specifically within the 'getSideInfo2' function of the MP3 parsing module. This vulnerability allows attackers to cause a denial-of-service condition by streaming a crafted MP3 file. The issue arises because the function improperly validates certain values from the MP3 bitstream, leading to out-of-bounds memory access. When the crafted MP3 is processed, the library crashes, as evidenced by an AddressSanitizer log reporting the buffer overflow error.

Impact

Exploitation of this vulnerability causes the application to crash while processing the malicious MP3 stream, as demonstrated by an AddressSanitizer report indicating a global buffer overflow error. Additionally, there is a potential for low-severity information disclosure through adjacent global memory reads, although no write primitive has been observed in this context.

Reproduction

The vulnerability can be reproduced by compiling the Live555 Streaming Media library with AddressSanitizer enabled, using the 'testOnDemandRTSPServer' demo program. After replacing the default MP3 sample with a crafted file that exploits the buffer overflow, the server can be started and the malicious MP3 stream played. This triggers the vulnerability, causing the server to crash and the AddressSanitizer to report the buffer overflow error.