Описание
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| liblivemedia | fixed | 2019.08.16-1 | experimental | package |
| liblivemedia | fixed | 2019.10.11-2 | package | |
| liblivemedia | postponed | buster | package | |
| liblivemedia | postponed | stretch | package | |
| liblivemedia | postponed | jessie | package |
Примечания
Fixed upstream in 2019.08.16 according to available information.
Связанные уязвимости
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.
Уязвимость функции createNewClientSessionWithId() компонента GenericMediaServer группы библиотек для потоковой передачи мультимедиа Live555, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
