[Live-devel] [Security Issue][liblivemedia] stack buffer overflow in liblivemedia

Ross Finlayson finlayson at live555.com
Wed Jul 8 23:09:14 PDT 2020


Xiaobo,

Many thanks for reporting this.  The problem was not the call to “sscanf()” (because the buffer being read into is guaranteed to be large enough), but the subsequent call to “sprintf()” (using a fixed buffer size of 100).

I have now installed a new version (2020.07.09) of the “LIVE555 Streaming Media” code that should fix this problem.

Note to developers:  If you are using the LIVE555 code to develop a RTSP server (or a RTSP proxy), then you should upgrade to the latest version of the code ASAP.


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/
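
The fix pattern for the bug class described in this message (formatting attacker-influenced text with "sprintf()" into a fixed 100-byte buffer), as an added example that is not part of the original message and is not LIVE555 code. The function names, the "X-Example" header and the sample input are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REPLY_BUF_SIZE 100  /* fixed size, as in the message above */

/* Unsafe pattern, shown only as a comment for contrast: sprintf() writes
 * as many bytes as the formatted result needs, so a long `value` runs
 * past the end of the 100-byte stack buffer.
 *     char buf[REPLY_BUF_SIZE]; sprintf(buf, "X-Example: %s\r\n", value);
 */

/* Bounded variant: returns 0 on success, -1 if the result would not fit.
 * snprintf() returns the length the full result needs, so a return value
 * >= outSize means truncation; reject it rather than send a cut-off line. */
int format_header_bounded(char *out, size_t outSize, const char *value) {
    int n = snprintf(out, outSize, "X-Example: %s\r\n", value);
    if (n < 0 || (size_t)n >= outSize) {
        if (outSize > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Sized variant: measure first, then allocate exactly. Caller frees. */
char *format_header_alloc(const char *value) {
    int n = snprintf(NULL, 0, "X-Example: %s\r\n", value);
    if (n < 0) return NULL;
    char *out = malloc((size_t)n + 1);
    if (out == NULL) return NULL;
    snprintf(out, (size_t)n + 1, "X-Example: %s\r\n", value);
    return out;
}

int main(void) {
    char buf[REPLY_BUF_SIZE];
    char longValue[300];               /* constructed oversized input */
    memset(longValue, 'A', sizeof longValue - 1);
    longValue[sizeof longValue - 1] = '\0';

    printf("short: %d\n", format_header_bounded(buf, sizeof buf, "ok"));
    printf("long:  %d\n", format_header_bounded(buf, sizeof buf, longValue));
    char *p = format_header_alloc(longValue);
    if (p) { printf("alloc len: %zu\n", strlen(p)); free(p); }
    return 0;
}
```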



