Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 677276 (CVE-2019-7314)

Summary: <media-plugins/live-2020.03.06: mishandles the termination of an RTSP stream (CVE-2019-7314)
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=669276
https://bugs.gentoo.org/show_bug.cgi?id=719336
Whiteboard: C3 [glsa+ cve cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 669276    
Bug Blocks:    

Description D'juan McDonald (domhnall) 2019-02-04 19:24:09 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-7314):

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.


Gentoo Security Padawan
(domhnall)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-19 03:53:42 UTC
@maintainer(s), please create an appropriate ebuild.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-14 22:07:47 UTC
This issue was resolved and addressed in
 GLSA 202005-06 at https://security.gentoo.org/glsa/202005-06
by GLSA coordinator Thomas Deutschmann (whissi).