<div style="font-family: system-ui; font-size: 14px"><div>Hello,
My name is Sangjun Park, and I am a fuzzing researcher. <br><br>I have discovered a heap use-after-free (UAF) vulnerability in the live555 streaming media server (version 2024-09-29), running on Ubuntu 20.04. <br>The issue occurs when the server processes a sequence of SETUP -> PLAY -> POST requests from a client, leading to a heap UAF condition. <br><br>You can easily reproduce the issue by following the steps outlined in the attached README.md file.
Additionally, I have provided the ASAN report and a reproducible test case, which you can access via the following link: <br><br>https://drive.google.com/file/d/19cNjRMTi41Y3wNzg6yCX2xp89NiEakfz/view?usp=sharing <br><br>
Best regards, <br>Sangjun Park
</div><!-- begin signature --><!-- end signature --></div><!--[if mso]>
<table style ="display:none"><tr><td><img src="https://kaist.gov-dooray.com/mail-receipts?img=48483836582f5534-32e091651d6fe486-36446f3522aa221e-36447118f06b5af8.gif" border="0"></td></tr></table>
<![endif]-->
<!--[if !mso]><!-- -->
<table style ="visibility: hidden;"><tr><td><img src="https://kaist.gov-dooray.com/mail-receipts?img=48483836582f5534-32e091651d6fe486-36446f3522aa221e-36447118f06b5af8.gif" border="0"></td></tr></table>
<!--[endif]-->