FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6036

This CVE name corresponds to:

Entered Topic
2007-12-08 liveMedia -- DoS vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-6036 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-6036
Phase Assigned(20071119)

Description

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

References

Source Reference
BUGTRAQ 20071118 Crash in LIVE555 Media Server 2007.11.01
MISC http://aluigi.altervista.org/adv/live555x-adv.txt
CONFIRM http://www.live555.com/liveMedia/public/changelog.txt
GENTOO GLSA-200803-22
BID 26488
VUPEN ADV-2007-3939
SECUNIA 27711
SECUNIA 29356
XF live555-rtsp-dos(38542)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.