Candidate: CVE-2019-7732
PublicDate: 2019-02-11 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7732
 https://github.com/rgaufman/live555/issues/20
Description:
 In Live555 0.95, a setup packet can cause a memory leak leading to DoS
 because, when there are multiple instances of a single field (username,
 realm, nonce, uri, or response), only the last instance can ever be freed.
Ubuntu-Description:
Notes:
 ebarretto> According to upstream:
 ebarretto> Actually, this is not a memory leak. The parameters to
 ebarretto> “parseAuthorizationHeader()” are reference parameters (to pointers).
 ebarretto> The allocated memory is passed back to the calling function, which
 ebarretto> ends up deleting them all. So, there’s no bug here.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_liblivemedia:
upstream_liblivemedia: needs-triage
precise/esm_liblivemedia: DNE
trusty_liblivemedia: ignored (reached end-of-life)
trusty/esm_liblivemedia: DNE (trusty was needs-triage)
xenial_liblivemedia: ignored
bionic_liblivemedia: ignored
cosmic_liblivemedia: ignored (reached end-of-life)
disco_liblivemedia: ignored
devel_liblivemedia: ignored