CVE-2021-38381 — Vulnetix

CVE-2021-38381 PUBLISHED CVSS 6.5 MEDIUM

Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.

EPSS 0.22% · 45.3th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.22%

45.3th percentile

Affected Products

Vendor	Product	Versions
live555	live555	0
n/a	n/a	n/a

Exploit Intelligence

http://lists.live555.com/pipermail/live-devel/2021-August/021961.html (nist-nvd)
http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D (circl)

Timeline

Aug 10, 2021 CVE Published
Aug 11, 2021 EPSS Score
Oct 9, 2021 EPSS Score
Dec 6, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 3, 2022 EPSS Score
May 31, 2022 EPSS Score
Jul 30, 2022 EPSS Score
Sep 27, 2022 EPSS Score
Nov 25, 2022 EPSS Score

References

http://lists.live555.com/pipermail/live-devel/2021-August/021961.html url
http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D url
https://nvd.nist.gov/vuln/detail/CVE-2021-38381 advisory
http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09] url

Open in Interactive Console →