CVE-2019-7314 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Affected Products (NVD)

Vendor	Product	Version
live555	streaming_media	𝑥 < 0.95
debian	debian_linux	8.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

liblivemedia

bionic	Fixed 2018.02.18-1ubuntu0.1~esm1 released
cosmic	ignored
disco	ignored
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	dne
impish	dne
jammy	dne
kinetic	dne
lunar	dne
trusty	dne
xenial	Fixed 2016.02.09-1ubuntu0.1~esm1 released

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

http://lists.live555.com/pipermail/live-devel/2019-February/021143.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html

http://www.live555.com/liveMedia/public/changelog.txt

https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html

https://seclists.org/bugtraq/2019/Mar/22

https://security.gentoo.org/glsa/202005-06

https://www.debian.org/security/2019/dsa-4408

http://lists.live555.com/pipermail/live-devel/2019-February/021143.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.html

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.html

http://www.live555.com/liveMedia/public/changelog.txt

https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html

https://seclists.org/bugtraq/2019/Mar/22

https://security.gentoo.org/glsa/202005-06

https://www.debian.org/security/2019/dsa-4408