FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

liveMedia -- DoS vulnerability

Affected packages
liveMedia < 2007.11.18,1

Details

VuXML ID 821afaa2-9e9a-11dc-a7e3-0016360406fa
Discovery 2007-11-20
Entry 2007-12-08
Modified 2007-12-09

The live555 development team reports:

Fixed a bounds-checking error in "parseRTSPRequestString()" caused by an int vs. unsigned problem.

The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the smallest RTSP query possible to use.

References

CVE Name CVE-2007-6036
URL http://aluigi.altervista.org/adv/live555x-adv.txt
URL http://www.live555.com/liveMedia/public/changelog.txt