[Live-devel] Heap Use-After-Free Bug(2) in live555 (2024-09-29)

박상준 sangjuns at kaist.ac.kr
Tue Oct 8 23:58:38 PDT 2024


Hello, 
My name is Sangjun Park, and I am a fuzzing researcher. I have identified a heap use-after-free (UAF) vulnerability in the live555 streaming media server (version 2024-09-29) running on Ubuntu 20.04. 
The issue occurs when the server processes a sequence of SETUP -> PLAY -> DESCRIBE requests from a client, leading to a heap UAF condition. You can easily reproduce the bug by following the instructions in the attached README.md file. 
Additionally, I have included the ASAN report and a reproduction file, which you can access at the following link: https://drive.google.com/file/d/1uq6NFkCgxOcYkkUJtnr2DzMKdoWMZ-Tp/view?usp=sharing 
Best regards, Sangjun Park 




