Source: uxplay
Version: 1.72.2-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FDH2/UxPlay/issues/486 https://github.com/FDH2/UxPlay/issues/441
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for uxplay.

CVE-2025-60458[0]:
| UxPlay 1.72 contains a double free vulnerability in its RTSP request
| handling. A specially crafted RTSP TEARDOWN request can trigger
| multiple calls to free() on the same memory address, potentially
| causing a Denial of Service.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-60458
    https://www.cve.org/CVERecord?id=CVE-2025-60458
[1] https://github.com/FDH2/UxPlay/issues/486
[2] https://github.com/FDH2/UxPlay/issues/441
[3] https://github.com/FDH2/UxPlay/commit/747d9ffadfc126c6951eca7eae7063e50a7c3f78

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

