Live555 Streaming Media
cpe:2.3:a:live555:streaming_media:*:*:*:*:*:*:*
- 2018.09.02
A heap overflow vulnerability has been identified in Live555 Streaming Media version 2018.09.02. The issue arises in the MatroskaFile::createRTPSinkForTrackNumber() function, where a crafted MKV file can be used to trigger a denial-of-service condition. The vulnerability occurs during the processing of AAC track data, leading to a heap buffer overflow that causes the RTSP server to crash.
Exploitation of this vulnerability causes the RTSP server to crash while processing the Session Description Protocol (SDP) for a crafted Matroska file, disrupting service and potentially causing a temporary denial of access to the streaming resource.
The vulnerability can be reproduced by uploading a specially crafted Matroska file that triggers the heap overflow during SDP generation for AAC tracks. Issuing the RTSP 'DESCRIBE' command exercises the vulnerable code path and causes the server to crash.