Candidate: CVE-2019-7314
PublicDate: 2019-02-04 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7314
 http://lists.live555.com/pipermail/live-devel/2019-February/021143.html
 http://www.live555.com/liveMedia/public/changelog.txt
Description:
 liblivemedia in Live555 before 2019.02.03 mishandles the termination of an
 RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a
 Use-After-Free error that causes the RTSP server to crash (Segmentation
 fault) or possibly have unspecified other impact.
Ubuntu-Description:
 It was discovered that liveMedia incorrectly handled certain RTSP streamings.
 An attacker could possiby use this issue to cause a denial of service or other
 unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_liblivemedia:
upstream_liblivemedia: needs-triage
precise/esm_liblivemedia: DNE
trusty_liblivemedia: ignored (reached end-of-life)
trusty/esm_liblivemedia: DNE (trusty was needed)
xenial_liblivemedia: ignored (end of standard support, was needed)
bionic_liblivemedia: needed
cosmic_liblivemedia: ignored (reached end-of-life)
disco_liblivemedia: ignored (reached end-of-life)
eoan_liblivemedia: not-affected (2018.11.26-1.1)
focal_liblivemedia: not-affected (2018.11.26-1.1)
groovy_liblivemedia: not-affected (2018.11.26-1.1)
hirsute_liblivemedia: DNE
impish_liblivemedia: DNE
jammy_liblivemedia: DNE
devel_liblivemedia: DNE