CVE-2021-38382: Use After Free
First published: Tue Aug 10 2021(Updated: )
Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Live555 Live555 | <2021.08.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-38382.
What is the severity of CVE-2021-38382?
The severity of CVE-2021-38382 is medium (6.5).
What software is affected by CVE-2021-38382?
The Live555 version 1.08 and prior are affected by CVE-2021-38382.
What is the impact of CVE-2021-38382?
Exploiting CVE-2021-38382 can cause a Use-After-Free condition and crash the daemon.
Are there any references available for CVE-2021-38382?
Yes, you can find references for CVE-2021-38382 at the following links: - [Link 1](http://lists.live555.com/pipermail/live-devel/2021-August/021959.html) - [Link 2](http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06])
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/live555
- canonical/live555 live555