Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 677276 (CVE-2019-7314) - <media-plugins/live-2020.03.06: mishandles the termination of an RTSP stream (CVE-2019-7314)
Summary: <media-plugins/live-2020.03.06: mishandles the termination of an RTSP stream ...
Status: RESOLVED FIXED
Alias: CVE-2019-7314
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://lists.live555.com/pipermail/li...
Whiteboard: C3 [glsa+ cve cleanup]
Keywords:
Depends on: CVE-2018-4013, CVE-2019-15232, CVE-2019-6256, CVE-2019-9215
Blocks:
  Show dependency tree
 
Reported: 2019-02-04 19:24 UTC by D'juan McDonald (domhnall)
Modified: 2020-05-14 22:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-02-04 19:24:09 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-7314):

liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.


Gentoo Security Padawan
(domhnall)
Comment 1 Sam James (sec padawan) 2020-03-19 03:53:42 UTC
@maintainer(s), please create an appropriate ebuild.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-05-14 22:07:47 UTC
This issue was resolved and addressed in
 GLSA 202005-06 at https://security.gentoo.org/glsa/202005-06
by GLSA coordinator Thomas Deutschmann (whissi).