Описание
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| uxplay | fixed | 1.72.3-1 | package | |
| uxplay | no-dsa | trixie | package | |
| uxplay | no-dsa | bookworm | package |
Примечания
https://github.com/0pepsi/CVE-2025-60458
https://github.com/FDH2/UxPlay/issues/486
https://github.com/FDH2/UxPlay/issues/441
Fixed by: https://github.com/FDH2/UxPlay/commit/747d9ffadfc126c6951eca7eae7063e50a7c3f78 (v1.72.3)
EPSS
Связанные уязвимости
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory address, potentially causing a Denial of Service.
EPSS