Live555 Streaming Media Null Pointer Dereference Vulnerability in ADTSAudioFileServerMediaSubsession

A null pointer dereference vulnerability has been identified in Live555 Streaming Media version 2018.09.02. The issue arises in the ADTSAudioFileServerMediaSubsession::createNewRTPSink() function, where the code improperly assumes that the input source is a valid ADTSAudioFileSource. This flaw allows attackers to cause a denial-of-service condition by sending a crafted ADTS file, which leads to the dereference of a null pointer and a segmentation fault.

Impact

Exploitation of this vulnerability causes the Live555 RTSP server to crash when handling AAC streams, specifically during the SETUP and PLAY commands.

Reproduction

The vulnerability can be reproduced by building Live555 version 2018.09.02 with AddressSanitizer enabled. After compiling the library and the test RTSP server, a crafted AAC file named 'test.aac' should be placed in the server's working directory. When the server is started and an RTSP client sends a DESCRIBE request followed by SETUP and PLAY requests for the 'aacAudioTest' stream, the server will crash with a segmentation fault, as reported by AddressSanitizer.