From dominik at greysector.net  Tue Feb 10 14:23:58 2026
From: dominik at greysector.net (Dominik 'Rathann' Mierzejewski)
Date: Tue, 10 Feb 2026 23:23:58 +0100
Subject: [Live-devel] alleged Remote Code Execution via segmentation fault
 in increaseBufferTo function in GroupsockHelper.cpp
Message-ID: <aYuv_sp1R9z-PilX@amaterasu.greysector.net>

I was made aware of the following issue reported against a fork of
live555:
https://github.com/rgaufman/live555/issues/65

The file groupsock/GroupsockHelper.cpp there is functionally identical to the
latest official source, so perhaps it's worth investigating.

Regards,
Dominik
-- 
Fedora   https://fedoraproject.org
Deep in the human unconscious is a pervasive need for a logical universe that
makes sense. But the real universe is always one step beyond logic.
        -- from "The Sayings of Muad'Dib" by the Princess Irulan

From dominik at greysector.net  Tue Feb 10 14:24:23 2026
From: dominik at greysector.net (Dominik 'Rathann' Mierzejewski)
Date: Tue, 10 Feb 2026 23:24:23 +0100
Subject: [Live-devel] source availability over an encrypted connection
In-Reply-To: <C5018711-DFF2-4FDF-8116-25FE296F408E@live555.com>
References: <aU7E7Nt60_-Ym86l@amaterasu.greysector.net>
 <D45ABBD3-E5C5-4E32-B6FF-76012385BD3E@live555.com>
 <mailman.47.1768303146.1096.live-devel@lists.live555.com>
 <C5018711-DFF2-4FDF-8116-25FE296F408E@live555.com>
Message-ID: <aYuwF1nsZEzhzDYm@amaterasu.greysector.net>

On Tuesday, 13 January 2026 at 18:11, Ross Finlayson wrote:
> OK, to make people happy, I have now moved the LIVE555 source download
> files to a HTTPS web server:
> 	https://download.live555.com/

This is great, thanks a lot!

Regards,
Dominik
-- 
Fedora   https://fedoraproject.org
Deep in the human unconscious is a pervasive need for a logical universe that
makes sense. But the real universe is always one step beyond logic.
        -- from "The Sayings of Muad'Dib" by the Princess Irulan

From finlayson at live555.com  Tue Feb 10 14:37:56 2026
From: finlayson at live555.com (Ross Finlayson)
Date: Wed, 11 Feb 2026 11:37:56 +1300
Subject: [Live-devel] alleged Remote Code Execution via segmentation
 fault in increaseBufferTo function in GroupsockHelper.cpp
In-Reply-To: <aYuv_sp1R9z-PilX@amaterasu.greysector.net>
References: <aYuv_sp1R9z-PilX@amaterasu.greysector.net>
Message-ID: <3E9F4FA5-3961-4901-A6BE-ADE96C2F88A0@live555.com>

Sorry, but I respond only to bug reports that apply to the latest version of our own code, downloaded from our own web site.

Other people?s ?github? copies of our code should never be relied upon, and should not be used.  (If you are currently using such a ?github? repositary, then you should stop, and use our official code instead.)

(Note the ?README? file that is included in our source code distribution.)

(Note also that ?valgrind? is notorious for reporting ?false positives?, especially wrt. "depends on uninitialised value? reports.)


Ross Finlayson
Live Networks, Inc.
http://www.live555.com/